Vulnerability found in TASKalfa model
July 7, 2023
SEC Consult reported a path traversal bypass and denial of service in Kyocera TASKalfa 4053ci printers.
The vulnerabilities reported by SEC Consult have been identified as CVE-2023-34259, CVE-2023-34260 and CVE-2023-34261. As SEC Consult explains, “The path traversal vulnerability can be used to access arbitrary files on the filesystem, even files that require root privileges. Also, the path traversal vulnerability can be used to conduct a denial-of-service (DoS). Due to the username enumeration vulnerability, it is possible to identify valid user accounts.”
Kyocera recommends downloading the latest firmware and updating the vulnerable firmware version 2VG_S000.002.561 to the fixed version 2VG_S000.002.574.