[Japanese]

JVNDB-2023-000012

Vulnerability in Driver Distributor where passwords are stored in a recoverable format

Overview

Driver Distributor provided by FUJIFILM Business Innovation Corp. contains a vulnerability where passwords are stored in a recoverable format (CWE-257).

Sato Ryo, Yokoi Hiroshi, and Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.2 (Medium) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.1 (Low) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)
  • Driver Distribution Tool v2.2.3.1 and earlier

Impact

If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted.
Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.
Vendor Information

FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2022-43460
References

  1. JVN : JVN#22830348
  2. National Vulnerability Database (NVD) : CVE-2022-43460
Revision History

  • [2023/01/31]
      Web page was published
  • [2024/06/12]
      References : Content was added

Date Public2023/01/31
Date First Published2023/01/31
Date Last Updated2024/06/12