Kyocera Device Manager instances impacted by the already patched path traversal vulnerability, tracked as CVE-2023-50916, could be targeted by threat actors to facilitate further malicious activity, including unauthorized account access and data exfiltration, reports The Hacker News.
According to Kyocera, attackers could also leverage the flaw to enable NTLM relay attacks: an attacker can intercept a local path and change it into a universal naming convention (UNC) path, which the web application would then authenticate to. Kyocera has issued a fix for the security issue in Kyocera Device Manager version 3.1.1213.0.
"This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to capture or relay Active Directory hashed credentials if the 'Restrict NTLM: Outgoing NTLM traffic to remote servers' security policy is not enabled," said Trustwave, which discovered and reported the issue within Kyocera's Device Manager offering.
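The two defensive controls the report names are an upgraded Device Manager build and the "Restrict NTLM: Outgoing NTLM traffic to remote servers" policy on the host that runs it. The following PowerShell script is an added example, not code from The Hacker News, Kyocera or Trustwave; it checks both on a Windows host. It assumes the policy is backed by the registry value `RestrictSendingNTLMTraffic` under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0` (0 = allow all, 1 = audit all, 2 = deny all), and it assumes Kyocera registers the product under the standard Uninstall keys with a DisplayName containing "Kyocera" and "Device Manager"; the latter is a guess about the installer, not something the article states.

```powershell
# Added example (not from the article, Kyocera or Trustwave): report whether the
# host that runs Kyocera Device Manager enforces the outgoing-NTLM policy from the
# Trustwave statement, and whether the installed build is at or above the fixed one.

$FixedVersion = [version]'3.1.1213.0'   # fixed version named in the report

function Get-OutgoingNtlmPolicy {
    # Assumption: backing value for "Network security: Restrict NTLM: Outgoing
    # NTLM traffic to remote servers". Absent value means the policy is not set.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $item = Get-ItemProperty -Path $key -Name 'RestrictSendingNTLMTraffic' -ErrorAction SilentlyContinue
    switch ($item.RestrictSendingNTLMTraffic) {
        2       { return 'Deny all (enforced)' }
        1       { return 'Audit all (logged, not enforced)' }
        0       { return 'Allow all (not enforced)' }
        default { return 'Not configured (behaves as allow all)' }
    }
}

function Get-KyoceraDeviceManagerVersion {
    # Assumption: the product appears in the usual Uninstall keys by DisplayName.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Kyocera*Device Manager*' } |
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

$policy    = Get-OutgoingNtlmPolicy
$installed = Get-KyoceraDeviceManagerVersion

"Outgoing NTLM policy  : $policy"
if (-not $installed) {
    'Kyocera Device Manager: not found in Uninstall registry keys'
} else {
    try {
        $state = if ([version]$installed -ge $FixedVersion) { 'patched' }
                 else { "below fixed version, update to $FixedVersion" }
    } catch {
        $state = 'version string not parseable, check manually'
    }
    "Kyocera Device Manager: $installed ($state)"
}
```

Run it in an elevated PowerShell session on the server hosting Device Manager. Because "Deny all" blocks every outbound NTLM authentication from that host, the usual rollout is to set the policy to audit first, review the resulting events for legitimate NTLM use, then move to deny with any required destinations listed in the companion "Add remote server exceptions for NTLM authentication" policy.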