CVE-2023-49367

Kyocera · Kyocera Command Center RX

A high-severity vulnerability exists in the user interface of multiple Kyocera products, specifically the Command Center RX.

Executive summary

A high-severity vulnerability exists in the user interface of multiple Kyocera products, specifically the Command Center RX. This flaw allows a remote attacker to intercept network communications and steal sensitive information, potentially exposing administrator credentials, device configurations, and other confidential data. Organizations are urged to apply vendor patches immediately to mitigate the risk of a data breach.

Vulnerability

The vulnerability is an information disclosure flaw within the user interface of the Kyocera Command Center RX. It allows a remote attacker to obtain sensitive information by inspecting network packets sent from a user's browser to the device's web interface. This implies that data is being transmitted in an insecure manner, likely without proper encryption (e.g., over HTTP), allowing an attacker in a Man-in-the-Middle (MitM) position to capture and read the traffic, which could include usernames, passwords, and device settings.

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant risk to the organization. Successful exploitation could lead to the compromise of administrative credentials for the printing fleet, allowing an attacker to gain unauthorized access to device settings and potentially sensitive information stored on or processed by the devices. This could result in a data breach, unauthorized network access if credentials are reused, and operational disruption, creating significant security and compliance risks.

Remediation

Immediate Action: Apply vendor-supplied security updates to all affected Kyocera devices immediately. Before and after patching, monitor device and network logs for any signs of exploitation, such as unusual access patterns to the Command Center RX web interface.

Proactive Monitoring: Monitor network traffic to and from the management interfaces of affected Kyocera devices for unencrypted HTTP traffic. Security teams should configure network intrusion detection systems (NIDS) to alert on attempts to eavesdrop on traffic destined for these devices; since passive interception leaves no trace on the wire, the practical signal is any plaintext HTTP session to a device's web interface, as that is the condition that makes interception worthwhile. Review device access logs for connections from unexpected or unauthorized IP addresses.

Compensating Controls: If immediate patching is not feasible, implement network segmentation to isolate printers from general user networks. Restrict access to the device's web management interface to a dedicated and trusted administrative VLAN or subnet. Ensure that administrative access is only performed from a secure management workstation.
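The monitoring and compensating controls above can be checked against flow or proxy records with a small script. The following is an added example and is not Kyocera code or part of this advisory; it assumes a hypothetical CSV flow format (timestamp, source IP, destination IP, destination port, service), a constructed inventory of printer management addresses (10.10.20.40 and 10.10.20.41) and a constructed administrative VLAN (10.10.50.0/24). It flags two conditions: plaintext HTTP to a printer's web interface, and any access to that interface from outside the administrative subnet.

```python
import csv
import io
import ipaddress
from dataclasses import dataclass

# Constructed sample flow records (not real device or network logs):
# timestamp,src_ip,dst_ip,dst_port,service
SAMPLE_FLOWS = """\
2024-01-15T09:00:01Z,10.10.50.5,10.10.20.40,443,https
2024-01-15T09:00:07Z,10.10.50.5,10.10.20.40,80,http
2024-01-15T09:01:12Z,10.10.80.23,10.10.20.40,443,https
2024-01-15T09:02:30Z,10.10.80.23,10.10.20.41,80,http
2024-01-15T09:03:00Z,10.10.50.9,10.10.30.10,80,http
"""

# Hypothetical asset inventory: printer management-interface addresses and the
# administrative VLAN that is the only network allowed to reach them.
PRINTER_MGMT_IPS = {ipaddress.ip_address(a) for a in ("10.10.20.40", "10.10.20.41")}
ADMIN_NET = ipaddress.ip_network("10.10.50.0/24")


@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    service: str


def parse_flows(text):
    """Parse CSV flow records into Flow objects, skipping blank and comment lines."""
    flows = []
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):
            continue
        ts, src, dst, dport, service = row
        flows.append(Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                          int(dport), service.strip().lower()))
    return flows


def evaluate_flow(flow, printer_ips=PRINTER_MGMT_IPS, admin_net=ADMIN_NET):
    """Return a list of findings for one flow; empty if the flow is not of interest."""
    findings = []
    if flow.dst not in printer_ips:
        return findings  # traffic to something other than a printer management interface
    # Plaintext HTTP to the web interface: the condition that makes interception of
    # credentials and configuration data possible.
    if flow.service == "http" or flow.dport == 80:
        findings.append({"rule": "PLAINTEXT_HTTP_TO_PRINTER", "ts": flow.ts,
                         "src": str(flow.src), "dst": str(flow.dst)})
    # Access from outside the administrative VLAN: a segmentation control violation.
    if flow.src not in admin_net:
        findings.append({"rule": "NON_ADMIN_SOURCE", "ts": flow.ts,
                         "src": str(flow.src), "dst": str(flow.dst)})
    return findings


def analyze_flows(text, printer_ips=PRINTER_MGMT_IPS, admin_net=ADMIN_NET):
    """Run the checks over a whole flow log and return all findings."""
    findings = []
    for flow in parse_flows(text):
        findings.extend(evaluate_flow(flow, printer_ips, admin_net))
    return findings


def count_by_rule(findings):
    """Summarise findings as {rule_name: count}."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze_flows(SAMPLE_FLOWS):
        print(f"{f['ts']} {f['rule']}: {f['src']} -> {f['dst']}")
    print(count_by_rule(analyze_flows(SAMPLE_FLOWS)))
```

On the constructed sample, the second and fourth records trigger the plaintext-HTTP rule, and the third and fourth trigger the non-admin-source rule; the last record is ignored because its destination is not a printer. In practice the inventory would be loaded from the asset database and the records would come from Zeek, NetFlow or a proxy, but the two conditions checked are the same ones the remediation guidance asks teams to watch for.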

Exploitation status

Public Exploit Available: false

Analyst recommendation

It is strongly recommended that the organization treat this vulnerability as a high-priority issue. Asset owners should immediately identify all vulnerable Kyocera devices within the environment and deploy the vendor-provided patch without delay. Although CVE-2023-49367 is not currently listed on the CISA KEV catalog, its high severity score indicates a significant risk of sensitive information exposure. Proactive patching is the most effective defense to prevent potential future exploitation and safeguard critical data.