A security vulnerability has been identified in Kyocera Document Solutions’ MFPs and printers.
Three vulnerabilities have been identified:
These vulnerabilities apply only in a situation where a third party can access the network.
They do not cause problems unless the environment is accessed by a third party.
Vulnerability ID: JVN#46345126
https://jvn.jp/jp/JVN46345126/
1. Session Management Defects in Command Center Vulnerability (CVE-2022-41798)
In an environment where the product is accessible through Command Center, this vulnerability allows users to log in without login authentication by using forged cookies.
2. Inadequate Authentication of Command Center (CVE-2022-41807)
In a usage environment where the product is accessible via Command Center, if a client (a malicious attacker's personal computer) issues a request to a server (the product) to change device settings using the Common Gateway Interface (CGI), configuration changes can be made without logging in to Command Center.
3. Cross-site scripting vulnerability in Command Center (CVE-2022-41830)
In a usage environment where the product is accessible via Command Center, a vulnerability could allow an attacker to embed malicious JavaScript in a certificate by exploiting the ability to register, configure, and reference SSL/TLS certificates in the Command Center security settings. As a result, when the equipment administrator logs in to Command Center and references the SSL/TLS certificate, the JavaScript is executed and the equipment administrator can be victimized.
Please contact your service provider to apply the firmware that addresses the security vulnerability.
Until the firmware is applied, please take the following workaround measures.
Workaround 1
To reduce the risk of information leakage and unauthorized use due to unauthorized access from outside, please use the multifunction copiers in an environment protected by a firewall or other means when connecting them to the Internet. This will block unauthorized access from outside via the Internet.
Workaround 2
It is recommended that the multifunction copiers/printers be operated with a private IP address* set. If a global IP address is set, the risk of information leakage due to unauthorized access from outside increases.
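One way to check a device fleet against Workaround 2 is to audit the address inventory for anything that is not a private address. The script below is an added example, not Kyocera code; the hostnames, addresses and CSV layout are constructed for illustration, and it assumes "private" means the RFC 1918 IPv4 ranges plus IPv6 unique local addresses.

```python
import csv
import io
import ipaddress

# Assumption: "private" = RFC 1918 IPv4 ranges plus IPv6 unique local (RFC 4193).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Not private, but not reachable from the Internet as a destination either.
NON_ROUTED_NETS = [ipaddress.ip_network(n) for n in
                   ("127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
                    "::1/128", "fe80::/10")]

# Constructed sample inventory (hypothetical hostnames; 203.0.113.0/24 is a
# documentation range standing in for a globally routable address).
SAMPLE_INVENTORY = """hostname,ip
mfp-floor1,192.168.10.21
mfp-floor2,10.4.0.17
printer-lobby,203.0.113.45
mfp-branch,172.32.1.9
printer-lab,fd12:3456:789a::20
mfp-new,not-configured
"""

def classify(addr):
    """Return 'private', 'non-routed', 'global' or 'invalid' for one address."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return "invalid"
    # Judge IPv4-mapped IPv6 addresses (::ffff:a.b.c.d) by the embedded IPv4.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    if any(ip in net for net in NON_ROUTED_NETS):
        return "non-routed"
    # Fail closed: anything else is treated as global and needs review.
    return "global"

def audit(inventory_csv):
    """Return (hostname, ip, status) for every device without a private address."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["ip"])
        if status != "private":
            findings.append((row["hostname"], row["ip"], status))
    return findings

if __name__ == "__main__":
    for host, ip, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {ip} -> {status}")
```

Note that 172.32.1.9 is flagged: the RFC 1918 block 172.16.0.0/12 ends at 172.31.255.255, so addresses just outside it are easy to mistake for private ones.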
We will update the contents of this page as necessary in the event of any changes.
In addition, we are developing and marketing successors and new products with more advanced security functions. Please consider the successor products and new products for the safe protection of your information assets.
For information on how this vulnerability affects products developed, manufactured, and sold by Kyocera Document Solutions, please contact your local distributor where you purchased the product.