
KYOCERA Command Center RX (CCRX) Security Vulnerability


We are writing to inform you that a security vulnerability has been confirmed in KYOCERA Command Center RX (hereinafter referred to as "CCRX"), which allows users to check and change various settings of multifunction devices provided by Kyocera Document Solutions over the network. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.

 

Vulnerability description

  1. Path Traversal

    CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.

    Vulnerability number: CVE-2023-34259

  2. Denial of Service (DoS)

    CCRX has a vulnerability through which a DoS attack can make it unusable. By manipulating the value of the file path, CCRX may become unresponsive.

    Vulnerability number: CVE-2023-34260

  3. User Enumeration

    By attempting to log in many times, an attacker can determine whether a given login user name exists in the device's database at the CCRX login.

    Vulnerability number: CVE-2023-34261

Countermeasures

As a countermeasure, we provide firmware that fixes these vulnerabilities. Please contact your local distributor to apply the firmware. As for “3. User Enumeration”, Kyocera Document Solutions considers the security risk to be low.

 

Acknowledgement

Kyocera Document Solutions would like to thank Mr. Stefan Michlits of SEC Consult, an Austrian security consulting services company, who discovered this vulnerability.

 

Products affected by this vulnerability

For more information on how this vulnerability affects products, please contact the local distributor from whom you purchased the product.

 
