Credential Exposure in Driver Distributor by Fujifilm
CVE-2022-43460

7.5HIGH

Key Information:

Vendor: Fujifilm Business Innovation Corp.
Status: Driver Distributor
Vendor: CVE Published:; 13 February 2023

What is CVE-2022-43460?

The Driver Distributor from Fujifilm prior to version 2.2.3.1 has a security flaw that allows sensitive information, specifically administrator passwords, to be stored in a recoverable format. This design oversight means that if an attacker manages to access the configuration file of Driver Distributor, they could decrypt the passwords contained within, potentially compromising the system's integrity and security. Organizations using affected versions should prioritize updates to safeguard against this vulnerability.

Affected Version(s)

Driver Distributor v2.2.3.1 and earlier

References

https://www.fujifilm.com/fbglobal/eng/company/news/notice...

https://jvn.jp/en/jp/JVN22830348/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2023
Vulnerability Reserved
Dec 9, 2022

Fujifilm Business Innovation Corp.

What is CVE-2022-43460?

Affected Version(s)

References

CVSS V3.1

Timeline