| [Japanese] | |
JVNDB-2023-004919 | |
FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength | |
| Overview | |
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391). | |
| CVSS Severity (What is CVSS?) | |
|
CVSS V3 Severity:
Base Metrics 5.4 (Medium) [Other]
Comment
This CVSSv3 Score was assessed based on the assumed attack scenario below.
1) An attacker obtains the exported Address Book data
2) Tamper a file on the sever by obtaining the credentials used for connecting to the sever where the scanned data is saved
| |
| Affected Products | |
As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed below. * FUJIFILM Business Inovation Corp. * Xerox Corporation | |
Xerox | |
|
| |
| Impact | |
With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. | |
| Solution | |
[Update the firmware] | |
| Vendor Information | |
Xerox FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.) | |
| CWE (What is CWE?) | |
|
| |
| CVE (What is CVE?) | |
|
| |
| References | |
| |
| Revision History | |
|
| Date Public | 2023/11/01 |
| Date First Published | 2023/11/02 |
| Date Last Updated | 2024/05/07 |
