Insufficient Encryption in Multifunction Printers by FUJIFILM and Xerox
CVE-2023-46327

5.9MEDIUM

Key Information:

Vendor: Fujifilm Business Inovation Corp.
Status: Apeos C3070 Asia Pacific Model; Apeos C3570 Asia Pacific Model; Apeos C4570 Asia Pacific Model; Apeos C2060 Japan Model
Vendor: CVE Published:; 2 November 2023

What is CVE-2023-46327?

Certain multifunction printers from FUJIFILM Business Innovation Corp. and Xerox Corporation expose sensitive information due to vulnerabilities in their Address Book export functionality. While these printers offer an encrypted method for exporting address data, the encryption technique utilized is inadequate, allowing potential attackers to decipher details, including critical server credentials. Users are strongly advised to review the specific product information and implement necessary security measures to safeguard their systems.

Affected Version(s)

Apeos 1860 Japan Model 1.0.0 to 1.2.16

Apeos 1860 Japan Model 1.20.0 to 1.20.7

Apeos 1860 Japan Model 1.26.0 to 1.26.10

References

https://www.fujifilm.com/fbglobal/eng/company/news/notice...

https://security.business.xerox.com/en-us/documents/bulle...

https://jvn.jp/en/vu/JVNVU96482726/index.html

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2023
Vulnerability Reserved
Oct 23, 2023

Fujifilm Business Inovation Corp.

What is CVE-2023-46327?

Affected Version(s)

References

CVSS V3.1

Timeline