CVE-2023-50916
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Jan 10, 2024
Updated: Jan 19, 2024
CWE ID 22
Summary
CVE-2023-50916 is a vulnerability affecting Kyocera Device Manager versions prior to 3.1.1213.0. It allows NTLM credential exposure during UNC path authentication. Although the GUI rejects UNC paths for the backup location, an attacker can still set one by modifying the request with a proxy or by sending the request directly to the application endpoint. Once the UNC path is set, the software attempts to confirm access and authenticates to the UNC path using Windows NTLM hashes. This exposes the credentials to NTLM relaying or cracking attacks.
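The root cause described above is a check that exists only in the GUI. As an added illustration (not Kyocera's code and not the fix shipped in 3.1.1213.0), the sketch below shows the same check enforced on the server side; the function names and sample paths are hypothetical, and it goes slightly beyond the summary by also rejecting forward-slash and device-prefixed forms of a UNC path.

```python
import ntpath
import re

LOCAL_ABSOLUTE = re.compile(r"^[A-Za-z]:\\")  # absolute drive path such as C:\backups

def is_unc_or_device(path: str) -> bool:
    """True for UNC paths and for the device-prefixed forms that can wrap them."""
    # Windows accepts "/" as a separator, so //server/share is UNC as well.
    # A leading double separator also covers the \\?\UNC\ and \\.\UNC\ forms.
    return path.strip().replace("/", "\\").startswith("\\\\")

def validate_backup_location(path: str) -> str:
    """Return the normalised path or raise ValueError. Runs on the server for every request."""
    if not path or "\x00" in path:
        raise ValueError("empty or malformed path")
    if is_unc_or_device(path):
        raise ValueError("UNC and device paths are not allowed")
    candidate = ntpath.normpath(path.strip().replace("/", "\\"))
    if not LOCAL_ABSOLUTE.match(candidate):
        raise ValueError("backup location must be an absolute local drive path")
    # Caveat: a mapped drive letter can still point at a network share;
    # a string check cannot see that.
    return candidate

def audit(paths):
    """Map each submitted path to 'accepted' or to the rejection reason."""
    verdicts = {}
    for p in paths:
        try:
            validate_backup_location(p)
            verdicts[p] = "accepted"
        except ValueError as exc:
            verdicts[p] = str(exc)
    return verdicts

# Constructed sample inputs (documentation-range address, made-up host names).
SAMPLES = [
    "C:\\backups\\kdm",
    "D:/data/backup",
    "\\\\198.51.100.7\\share",
    "//files.example/share",
    "\\\\?\\UNC\\files.example\\share",
    "C:relative",
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{path!r}: {verdict}")
```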