CVE-2021-20679

high-risk
Published 2021-03-25

Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560/3560G/3060G/2560G, ApeosPort-VII 5021/4021, ApeosPort-VII P5021, DocuPrint CP 555 d/505 d, DocuPrint P505 d, PrimeLink C9065/C9070, DocuPrint CP475AP, and DocuPrint P475AP) allow an attacker to cause a denial of service (DoS) condition and abnormal end (ABEND) of the affected products by sending a specially crafted command.

Do I need to act?

EPSS score: 0.51% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 High: NETWORK / LOW complexity

Affected Products (20)

ApeosPort-VII C3321 Firmware
ApeosPort C3060 Firmware
ApeosPort C2560 Firmware
ApeosPort C3060G Firmware
ApeosPort C2560G Firmware
ApeosPort C2060G Firmware
ApeosPort-VII CP4421 Firmware
ApeosPort Print C5570 Firmware
ApeosPort 5570 Firmware
ApeosPort 4570 Firmware
ApeosPort 5570G Firmware
ApeosPort 4570G Firmware
ApeosPort 3560 Firmware
ApeosPort 3060 Firmware
ApeosPort 2560 Firmware
ApeosPort 3560G Firmware
ApeosPort 3060G Firmware
ApeosPort 2560G Firmware
ApeosPort-VII 5021 Firmware
ApeosPort-VII 4021 Firmware

Affected Vendors

56 / 100
high-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 28/34 · Critical