Vulnerability in KX driver (CVE-2023-38634)
I. Summary of the vulnerability
Publication:
24.05.2023
Description:
CVE-2023-38634: The following vulnerability has been identified in KX Driver: Authorization Vulnerability.
The vulnerability is of the type known as Microsoft Windows Unquoted Service Path Enumeration. Because the service is created with an executable path that is not enclosed in quotation marks, an attacker could execute arbitrary programs (e.g., malware) with Windows system privileges.
An attacker could take over Windows system privileges, spy on information held on the Windows system, or carry out an attack with system privileges.
However, the attacker must have access to the target Windows system to do so.
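The following PowerShell audit is an added example, not part of the vendor advisory. It lists Windows services whose executable path contains a space and is registered without quotation marks, which is the condition described above. The function names and the sample paths are constructed for illustration.

```powershell
# Added example: audit services for unquoted executable paths that contain spaces.
# Function names and sample values are hypothetical, not taken from the advisory.

function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)
    $p = $PathName.Trim()
    # A path that starts with a quotation mark is already quoted.
    if ($p.StartsWith('"')) { return $false }
    # Isolate the executable part: everything up to the first ".exe"
    # that is followed by whitespace (arguments) or the end of the string.
    $m = [regex]::Match($p, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }
    # Only an executable path that itself contains a space is ambiguous.
    return $m.Groups[1].Value.Contains(' ')
}

function Get-UnquotedServicePath {
    # Win32_Service.PathName holds the command line registered for the service.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
        Select-Object Name, DisplayName, StartName, StartMode, PathName
}

# Constructed sample values showing which registrations are flagged.
$samples = @(
    'C:\Program Files\Example Vendor\Monitor\svc.exe -k run',    # flagged
    '"C:\Program Files\Example Vendor\Monitor\svc.exe" -k run',  # quoted: not flagged
    'C:\Windows\System32\svchost.exe -k netsvcs'                 # no space: not flagged
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Audit the local machine. An empty result means no service matched.
Get-UnquotedServicePath | Format-Table -AutoSize -Wrap
```

Running it before and after installing the updated packages shows whether any service on the host is still registered with an unquoted path.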
Affected products:
Software products that are affected by a similar vulnerability:
- Status Monitor
- TA Fleetmanager NetGateway
- Device Manager
- TA Cloud Print and Scan Desktop client
- TA Smart Information Manager (TASIM)
At the time of this publication, we are not aware of any attacks that exploit these vulnerabilities.
II. Solution description
As a countermeasure, a new KX Driver web package is available that addresses the vulnerability. We recommend installing the latest driver.
Release of update versions for the affected products
- KX Driver (incl. Status Monitor): published
- TA Fleetmanager NetGateway: published
- Device Manager: published
- TA Cloud Print and Scan: published
- TA Smart Information Manager (TASIM): published
III. Further information
The KX v8.4 driver was released on March 14, 2024. Since the vulnerability was announced, new models have been released that contain the KX driver in a version lower than 8.4. The following models have had this vulnerability patch applied from the first release.
- P-C3563i MFP, P-C3567i MFP, P-C4063i MFP, P-C4067i MFP: KX8.2.2130
- P-C2651DW, P-C2157w MFP, P-C2656w MFP: KX8.3.2707
- P-4027iw MFP, P-4026w MFP, P-4021 MFP, P-3527w MFP, P-3521 MFP, P-3522DW, P-4021DN, P-4021DW: KX8.3.2708