SATO CL4NX-J Plus WebConfig improper authentication
Description
SATO CL4NX-J Plus 1.13.2-u455_r2 has an improper authentication vulnerability in its WebConfig component that can be exploited from the local network.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability exists in the WebConfig component of SATO CL4NX-J Plus firmware version 1.13.2-u455_r2. The issue is an improper authentication flaw in an unknown functionality of this component. The manipulation leads to a bypass or failure of authentication mechanisms. The vulnerability has been classified as critical, and the exploit has been publicly disclosed. [1]
Exploitation
An attacker can exploit this vulnerability from within the local network. No specific authentication or user interaction is required, as the exploitation relies on the authentication weakness. The attacker manipulates the WebConfig component to bypass authentication controls. The exact steps are not detailed in the available references, but the disclosed exploit suggests the attack vector is simple enough to be carried out without advanced privileges. [1]
Impact
Successful exploitation allows an attacker to gain unauthorized access to the printer's WebConfig interface. The impact primarily involves a breach of confidentiality and integrity, as the attacker may view or alter device configurations. Remote code execution is not mentioned in the references, so the compromise is limited to device management functions. The privilege level achievable is administrative access to the web interface. [1]
Mitigation
As of the publication date (2023-10-01), no official patch or firmware update has been released by SATO to address this vulnerability. Users of the affected version (1.13.2-u455_r2) should restrict network access to the WebConfig interface to trusted devices only, such as by using network segmentation or firewall rules. There is no known listing on the CISA Known Exploited Vulnerabilities (KEV) catalog. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: =1.13.2-u455_r2
- (no CPE) range: 1.13.2-u455_r2
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- github.com/CV3TR4CK/CV3Cyb3R/blob/main/2023/SATO%20CL4NX-J%20Plus/README.md (mitre, exploit)
- vuldb.com (mitre, signature, permissions-required)
- vuldb.com (mitre, vdb-entry, technical-description)
News mentions
No linked articles in our index yet.