Skip to main content

Docucentre Vii C7773 Firmware CVE-2021-20679

HIGH
2021-03-25 vultures@jpcert.or.jp
Denial Of Service Docucentre Vii C7773 Firmware Docucentre Vii C6673 Firmware Docucentre Vii C5573 Firmware Docucentre Vii C4473 Firmware Docucentre Vii C3373 Firmware Docucentre Vii C3372 Firmware Docucentre Vii C2273 Firmware Apeosport C2570 Firmware Apeosport Vii C4422 Firmware Apeosport Vii C3322 Firmware Apeosport C2360 Firmware Apeosport C2060 Firmware Apeosport Vii Cp4422 Firmware Apeosport Vii Cp3322 Firmware Apeosport Print C4570 Firmware Apeosport 3570 Firmware Apeosport 1860 Firmware Apeosport Vii 5022 Firmware Apeosport Vii P4022 Firmware Docucentre Vi C2264 Firmware Docuprint Cp500 D Firmware Docucentre Vii C7788 Firmware Docucentre Vii C6688 Firmware Docucentre Vii C5588 Firmware Apeosport Vii C7773 Firmware Apeosport Vii C6673 Firmware Apeosport Vii C5573 Firmware Apeosport Vii C4473 Firmware Apeosport Vii C3373 Firmware Apeosport Vii C3372 Firmware Apeosport Vii C2273 Firmware Apeosport Vii C7788 Firmware Apeosport Vii C6688 Firmware Apeosport Vii C5588 Firmware Apeosport C7070 Firmware Apeosport C6570 Firmware Apeosport C5570 Firmware Apeosport C4570 Firmware Apeosport C3570 Firmware Apeosport C3070 Firmware Apeosport C7070G Firmware Apeosport C6570G Firmware Apeosport C5570G Firmware Apeosport C4570G Firmware Apeosport C3570G Firmware Apeosport C3070G Firmware Apeosport Vii C4421 Firmware Apeosport Vii C3321 Firmware Apeosport C3060 Firmware Apeosport C2560 Firmware Apeosport C3060G Firmware Apeosport C2560G Firmware Apeosport C2060G Firmware Apeosport Vii Cp4421 Firmware Apeosport Print C5570 Firmware Apeosport 5570 Firmware Apeosport 4570 Firmware Apeosport 5570G Firmware Apeosport 4570G Firmware Apeosport 3560 Firmware Apeosport 3060 Firmware Apeosport 2560 Firmware Apeosport 3560G Firmware Apeosport 3060G Firmware Apeosport 2560G Firmware Apeosport Vii 5021 Firmware Apeosport Vii 4021 Firmware Apeosport Vii P5021 Firmware Docuprint Cp 555 D Firmware Docuprint Cp 505 D Firmware Docuprint P505 D Firmware Primelink C9065 Firmware Primelink C9070 Firmware Docuprint Cp475Ap Firmware Docuprint P475Ap Firmware
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 25, 2021 - 06:15 nvd
HIGH 7.5

DescriptionNVD

Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560/3560G/3060G/2560G, ApeosPort-VII 5021/ 4021, ApeosPort-VII P5021, DocuPrint CP 555 d/505 d, DocuPrint P505 d, PrimeLink C9065/C9070, DocuPrint CP475AP, and DocuPrint P475AP) allow an attacker to cause a denial of service (DoS) condition and abnormal end (ABEND) of the affected products via sending a specially crafted command.

AnalysisAI

Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560/3560G/3060G/2560G, ApeosPort-VII 5021/ 4021, ApeosPort-VII P5021, DocuPrint CP 555 d/505 d, DocuPrint P505 d, PrimeLink C9065/C9070, DocuPrint CP475AP, and DocuPrint P475AP) allow an attacker to cause a denial of service (DoS) condition and abnormal end (ABEND) of the affected products via sending a specially crafted command. Affected products include: Fujixerox Docucentre-Vii C7773 Firmware, Fujixerox Docucentre-Vii C6673 Firmware, Fujixerox Docucentre-Vii C5573 Firmware, Fujixerox Docucentre-Vii C4473 Firmware, Fujixerox Docucentre-Vii C3373 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2021-20679 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy