Bizhub 226I Firmware
CVE-2022-29587
MEDIUM
Severity by source
AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges.
AnalysisAI
Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges. Rated medium severity (CVSS 4.0). Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges. Affected products include: Konicaminolta Bizhub 226I Firmware, Konicaminolta Bizhub 227 Firmware, Konicaminolta Bizhub 246I Firmware, Konicaminolta Bizhub 287 Firmware, Konicaminolta Bizhub 306I Firmware. Version information: before 2022.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Bizhub 226I Firmware
View allKonica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS
Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. Rated high severity (CVSS 7.4), this vulnera
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today