Kyocera urges customers to patch critical issue in Kyocera Net Manager
Take action: KNM systems are usually isolated from the internet, so first confirm that yours is reachable only from trusted networks. If it's accessible from the internet, patch ASAP. Otherwise, patch on your regular update schedule, but don't ignore this vulnerability. Someone will reach it by compromising something else on the network first.
Kyocera Document Solutions America has detected a critical vulnerability in its Kyocera Net Manager (KNM) software, which poses a serious security risk.
Kyocera Net Manager (KNM) is a print management solution designed to optimize and secure document handling and printing operations within an organization. It's a server-based application, managing document output across printing, copying, and scanning, and providing detailed reports on these activities.
The vulnerability is tracked as CVE-2024-22076 (CVSS score 9.8) and allows unauthenticated remote code execution: attackers can execute arbitrary code on affected systems without authenticating. Specifically, it allows remote attackers to edit PHP scripts used by the KNM software, potentially leading to data exfiltration or other malicious activities within the web application.
Customers using the Kyocera Net Manager software are strongly advised to contact their dealer, authorized reseller, or servicing agent without delay to determine if their systems are impacted and to secure the necessary updates to mitigate the risk posed by this vulnerability.
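Because the vulnerability described above lets a remote attacker edit the PHP scripts KNM uses, comparing those scripts against a known-good baseline is one way to spot tampering while a patch is pending. The following is an added example, not Kyocera's code or tooling; the directory name KNM_WEB_ROOT is a placeholder (the advisory does not give an install path) and the sample files are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each .php file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*.php"))
        if p.is_file()
    }


def diff_snapshots(baseline, current):
    """Return scripts modified, added or removed since the baseline was taken."""
    return {
        "modified": sorted(f for f in baseline
                           if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo():
    """Run the check on a constructed web root standing in for a KNM install."""
    with tempfile.TemporaryDirectory() as tmp:
        web = Path(tmp) / "KNM_WEB_ROOT"  # placeholder, not a real KNM path
        (web / "reports").mkdir(parents=True)
        (web / "index.php").write_text("<?php echo 'login'; ?>")
        (web / "reports" / "usage.php").write_text("<?php echo 'report'; ?>")
        baseline = snapshot(web)  # taken on a known-good install

        # Simulate unexpected changes: one script edited, one new script present.
        (web / "index.php").write_text("<?php echo 'login'; /* changed */ ?>")
        (web / "reports" / "new.php").write_text("<?php echo 'unexpected'; ?>")
        return diff_snapshots(baseline, snapshot(web))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In practice the baseline should be stored off the KNM server and refreshed after each legitimate update, so that an attacker who can edit scripts cannot also edit the reference hashes.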