Insufficient Encryption in Multifunction Printers by FUJIFILM and Xerox
CVE-2023-46327

5.9MEDIUM

Key Information:

Vendor: Fujifilm Business Inovation Corp.
Status: Apeos C3070 Asia Pacific Model; Apeos C3570 Asia Pacific Model; Apeos C4570 Asia Pacific Model; Apeos C2060 Japan Model
Vendor: CVE Published:; 2 November 2023

🔔 Create Fujifilm Business Inovation Corp. Vulnerability Alert

What is CVE-2023-46327?

Certain multifunction printers from FUJIFILM Business Innovation Corp. and Xerox Corporation expose sensitive information due to vulnerabilities in their Address Book export functionality. While these printers offer an encrypted method for exporting address data, the encryption technique utilized is inadequate, allowing potential attackers to decipher details, including critical server credentials. Users are strongly advised to review the specific product information and implement necessary security measures to safeguard their systems.

Affected Version(s)

Apeos 1860 Japan Model 1.0.0 to 1.2.16

Apeos 1860 Japan Model 1.20.0 to 1.20.7

Apeos 1860 Japan Model 1.26.0 to 1.26.10

References

https://www.fujifilm.com/fbglobal/eng/company/news/notice...

https://security.business.xerox.com/en-us/documents/bulle...

https://jvn.jp/en/vu/JVNVU96482726/index.html

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2023
Vulnerability Reserved
Oct 23, 2023