CVE-2023-50916

{"id": "CVE-2023-50916", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-01-10T19:15:08.227", "references": [{"url": "https://www.kyoceradocumentsolutions.us/en/about-us/pr-and-award-certifications/press/kyocera-device-manager-cve-2023-50196-vulnerability-solution-update.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2024-001_kyocera-v2.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \\ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks."}, {"lang": "es", "value": "Kyocera Device Manager anterior a 3.1.1213.0 permite la exposici\u00f3n de credenciales NTLM durante la autenticaci\u00f3n de ruta UNC mediante un cambio manipulado de una ruta local a una ruta UNC. Permite a los administradores configurar la ubicaci\u00f3n de la copia de seguridad de la base de datos utilizada por la aplicaci\u00f3n. Se rechaza el intento de cambiar esta ubicaci\u00f3n a una ruta UNC a trav\u00e9s de la GUI debido al uso de un car\u00e1cter \\ (backslash), que se supone no est\u00e1 permitido en un nombre de ruta. Interceptar y modificar esta solicitud a trav\u00e9s de un proxy, o enviar la solicitud directamente al endpoint de la aplicaci\u00f3n, permite establecer rutas UNC para la ubicaci\u00f3n de la copia de seguridad. Una vez establecida dicha ubicaci\u00f3n, Kyocera Device Manager intenta confirmar el acceso e intentar\u00e1 autenticarse en la ruta UNC; Dependiendo de la configuraci\u00f3n del entorno, esto puede autenticarse en la UNC con hashes NTLM de Windows. Esto podr\u00eda permitir la retransmisi\u00f3n de credenciales NTLM o ataques de cracking."}], "lastModified": "2024-01-19T17:49:52.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kyocera:device_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7212959F-AE55-4FD3-A881-9E550C79BC70", "versionEndExcluding": "3.1.1213.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}