Security-relevant information:
Vulnerability in the KX driver (CVE-2023-38634)
I. Vulnerability summary
Publication:
May 24, 2023
Description:
CVE-2023-38634: An authorization vulnerability has been identified in the KX Driver.
The issue is of the type known as Microsoft Windows Unquoted Service Path Enumeration. The service is created with an executable path that is not enclosed in quotation marks, which may allow an attacker to execute arbitrary programs (e.g. malware) with Windows system privileges.
It is possible to revoke Windows system privileges, to spy on information that exists under Windows, or to carry out an attack with system privileges.
To do this, the attacker must have access to the target Windows system.
Products affected:
Software products affected by a similar vulnerability:
- Status Monitor
- TA Fleetmanager NetGateway
- Device Manager
- TA Cloud Print and Scan Desktop client
- TA Smart Information Manager (TASIM)
At the time of this publication, we are not aware of any attacks that exploit these vulnerabilities.
II. Solution
As a countermeasure, a new KX Driver web package is available that addresses the vulnerability. We recommend installing the latest driver.
Update versions have been released for the affected products:
- KX Driver (incl. Status Monitor) released
- TA Fleetmanager NetGateway released
- Device Manager released
- TA Cloud Print and Scan released
- TA Smart Information Manager (TASIM) released
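To check a Windows system for the unquoted service path condition described in section I, the following PowerShell audit can be used. It is an added example, not code from the vendor; the function name `Test-UnquotedServicePath` and the sample paths are hypothetical and constructed for illustration.

```powershell
# Added example: report Windows services whose executable path contains a
# space and is not enclosed in quotation marks.

function Test-UnquotedServicePath {
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()

    # A path that starts with a quotation mark is explicitly delimited.
    if ($p.StartsWith('"')) { return $false }

    # Treat everything up to the first ".exe" as the executable. Text after
    # it is arguments, where spaces do not affect which program is started.
    $m = [regex]::Match($p, '(?i)^(.*?\.exe)(\s|$)')

    # Without an ".exe" the whole string is checked; this is conservative
    # and may over-report entries that omit the file extension.
    $exe = if ($m.Success) { $m.Groups[1].Value } else { $p }

    return $exe.Contains(' ')
}

# Constructed sample values (not taken from the advisory).
$samples = @(
    'C:\Program Files\Example Vendor\svc.exe',          # unquoted, has space
    '"C:\Program Files\Example Vendor\svc.exe" -run',   # quoted
    'C:\Tools\svc.exe --config "C:\My Data\svc.ini"'    # space only in arguments
)
foreach ($s in $samples) {
    '{0,-5} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Audit of the local machine: list every service that is flagged.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Sort-Object Name |
    Select-Object Name, DisplayName, StartName, StartMode, PathName |
    Format-Table -AutoSize -Wrap
```

Running the audit before and after installing the updated packages shows whether any service entries are still reported on that system.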