Security Vulnerability in KYOCERA Device Manager

A security vulnerability has been identified in the printer driver "KX Driver" developed for the functions of multifunction devices and printers provided by KYOCERA Document Solutions. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.

Vulnerability description

The vulnerability relates to a vulnerability known as Microsoft Windows Unquoted Service Path Enumeration. The creation of an unquoted service may allow an attacker to run arbitrary programs (such as malware) with Windows system privileges.

Vulnerability number: CVE-2023-38634

Countermeasures

As a countermeasure, we provide a new "KX Driver" that addresses security vulnerability. Please install the latest driver. ＊This has been addressed in the "KX Driver" (version 8.4.1716).

Products affected by this vulnerability

For more information on how this vulnerability, please contact the Sales Company in the region where you purchased the equipment.