Skip to main content

Primelink C9065 Firmware CVE-2023-46327

MEDIUM
Improper Authentication (CWE-287)
2023-11-02 vultures@jpcert.or.jp
Authentication Bypass Primelink C9065 Firmware Primelink C9070 Firmware Primelink B9136 Firmware Primelink B9125 Firmware Primelink B9110 Firmware Primelink B9100 Firmware Versalink C405 Firmware Versalink C505 Firmware Versalink C605 Firmware Versalink C7000 Firmware Versalink C7020 Firmware Versalink C7025 Firmware Versalink C7030 Firmware Versalink C7130 Firmware Versalink C7125 Firmware Versalink C7120 Firmware Versalink B405 Firmware Versalink B605 Firmware Versalink B615 Firmware Versalink B7125 Firmware Versalink B7130 Firmware Versalink B7135 Firmware Workcentre 6515 Firmware Apeos 3560 Firmware Apeos 3060 Firmware Apeos 2560 Firmware Apeos 3560 Gk Firmware Apeos 3060 Gk Firmware Apeos 2560 Gk Firmware Apeos 5330 Firmware Apeos 4830 Firmware Apeos 5570 Firmware Apeos 4570 Firmware Apeos 6340 Firmware Apeos 7580 Firmware Apeos 6580 Firmware Apeos C2570 Firmware Apeos C3070 Firmware Apeos C3570 Firmware Apeos C4570 Firmware Apeos C5570 Firmware Apeos C6570 Firmware Apeos C7070 Firmware Apeos C3060 Firmware Apeos C2060 Firmware Apeos C2560 Firmware Apeos C3060 Gk Firmware Apeos C2560 Gk Firmware Apeos C2060 Gk Firmware Apeos C4030 Firmware Apeos C3530 Firmware Apeos C5240 Firmware Apeos C8180 Firmware Apeos C7580 Firmware Apeos C6580 Firmware Apeosport C3060 Firmware Apeosport C2560 Firmware Apeosport C2060 Firmware Apeosport C3060 G Firmware Apeosport C2560 G Firmware Apeosport C2060 G Firmware Apeosport 3560 Firmware Apeosport 3060 Firmware Apeosport 2560 Firmware Apeosport 3560 G Firmware Apeosport 3060 G Firmware Apeosport 2560 G Firmware Apeosport 5570 Firmware Apeosport 4570 Firmware Apeosport 3570 Firmware Apeosport 5570 G Firmware Apeosport 4570 G Firmware Apeosport C7070 Firmware Apeosport C6570 Firmware Apeosport C5570 Firmware Apeosport C4570 Firmware Apeosport C3570 Firmware Apeosport C3070 Firmware Apeosport Vii 5021 Firmware Apeosport Vii 4021 Firmware Apeosport Vii C4421 Firmware Apeosport Vii C3321 Firmware Apeospro C810 Firmware Apeospro C750 Firmware Apeospro C650 Firmware Revoria Press E1136 Firmware Revoria Press E1125 Firmware Revoria Press E1110 Firmware Revoria Press E1100 Firmware Revoria Press Sc180 Firmware Revoria Press Sc170 Firmware
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 02, 2023 - 03:15 nvd
MEDIUM 5.9

DescriptionNVD

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

AnalysisAI

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. Affected products include: Xerox Primelink C9065 Firmware, Xerox Primelink C9070 Firmware, Xerox Primelink B9136 Firmware, Xerox Primelink B9125 Firmware, Xerox Primelink B9110 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

Share

CVE-2023-46327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy