Skip to main content

Safezone Basic Crypto Module CVE-2022-26320

CRITICAL
Use of Insufficiently Random Values (CWE-330)
2022-03-14 cve@mitre.org
Information Disclosure Safezone Basic Crypto Module Apeos C7070 Firmware Apeos C6570 Firmware Apeos C5570 Firmware Apeos C4570 Firmware Apeos C3570 Firmware Apeos C3070 Firmware Apeos C7070 G Firmware Apeos C6570 G Firmware Apeos C5570 G Firmware Apeos C4570 G Firmware Apeos C3570 G Firmware Apeos C3070 G Firmware Apeos C328 Df Firmware Apeos C328 Dw Firmware Apeos C325 Dw Firmware Apeos C325 Z Firmware Apeos C8180 Firmware Apeos C7580 Firmware Apeos C6580 Firmware Apeosport 3560 Firmware Apeosport 3060 Firmware Apeosport 2560 Firmware Apeosport 3560 G Firmware Apeosport 3060 G Firmware Apeosport 2560 G Firmware Apeosport 4570 G Firmware Apeosport 5570 G Firmware Apeosport 4570 Firmware Apeosport 5570 Firmware Apeosport C3060 Firmware Apeosport C2560 Firmware Apeosport C2060 Firmware Apeosport C2560 G Firmware Apeosport C2060 G Firmware Apeosport C7070 Firmware Apeosport C4570 Firmware Apeosport C3570 Firmware Apeosport C3070 Firmware Apeosport C6570 Firmware Apeosport C5570 Firmware Apeosport C7070 G Firmware Apeosport C4570 G Firmware Apeosport C3570 G Firmware Apeosport C3070 G Firmware Apeosport C6570 G Firmware Apeosport C5570 G Firmware Apeosport Print C5570 Firmware Apeosport Vii 5021 Firmware Apeosport Vii P4021 Firmware Apeosport Vii 4021 Firmware Apeosport Vii Cp4421 Firmware Apeosport Vii C4421 Firmware Apeosport Vii C3321 Firmware Apeosport Vii C7773 Firmware Apeosport Vii C6773 Firmware Apeosport Vii C5573 Firmware Apeosport Vii C4473 Firmware Apeosport Vii C3373 Firmware Apeosport Vii C3372 Firmware Apeosport Vii C2273 Firmware Apeosport Vii C7788 Firmware Apeosport Vii C6688 Firmware Apeosport Vii C5588 Firmware Apeospro C810 Firmware Apeospro C750 Firmware Apeospro C650 Firmware Apeosprint C328 Firmware Apeosprint C328 Dw Firmware Apeosprint C325 Dw Firmware Docucentre Vii C7773 Firmware Docucentre Vii C6673 Firmware Docucentre Vii C5573 Firmware Docucentre Vii C4473 Firmware Docucentre Vii C3373 Firmware Docucentre Vii C3372 Firmware Docucentre Vii C2273 Firmware Docucentre Vii C7788 Firmware Docucentre Vii C6688 Firmware Docucentre Vii C5588 Firmware Docuprint 4405 D Firmware Docuprint 4408 D Firmware Docuprint 3505 D Firmware Docuprint 3508 D Firmware Docuprint 3205 D Firmware Docuprint 3208 D Firmware Docuprint C3555 D Firmware Docuprint C2555 D Firmware Primelink C9070 Firmware Primelink C9065 Firmware Imagerunner Firmware Imageprograf Firmware
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 14, 2022 - 18:15 nvd
CRITICAL 9.1

DescriptionNVD

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

AnalysisAI

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-330. The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. Affected products include: Rambus Safezone Basic Crypto Module, Fujifilm Apeos C7070 Firmware, Fujifilm Apeos C6570 Firmware, Fujifilm Apeos C5570 Firmware, Fujifilm Apeos C4570 Firmware. Version information: before 10.4.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2022-26320 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy