CVE-2021-43774
high-risk
Published 2022-03-03
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker who obtains access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, that can be reversed with minimal effort to recover the original password, giving the attacker a list of valid domain or FTP usernames and passwords.
Do I need to act?
EPSS score: 0.18% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 4.9/10 (Medium), NETWORK / LOW complexity
Affected Products (20)
ApeosPort-IV 7080 Firmware
ApeosPort-IV 6080 Firmware
ApeosPort-IV 5080 Firmware
ApeosPort-IV 3065 Firmware
ApeosPort-IV 3060 Firmware
ApeosPort-IV 2060 Firmware
ApeosPort-IV 5070 Firmware
ApeosPort-IV 4070 Firmware
ApeosPort-IV 3070 Firmware
ApeosPort-IV C4430 Firmware
ApeosPort-IV C5570 Firmware
ApeosPort-IV C4470 Firmware
ApeosPort-IV C3370 Firmware
ApeosPort-IV C2270 Firmware
ApeosPort-IV C5575 Firmware
ApeosPort-IV C4475 Firmware
ApeosPort-IV C3375 Firmware
ApeosPort-IV C2275 Firmware
ApeosPort-IV C7780 Firmware
ApeosPort-IV C6680 Firmware
Risk score: 54 / 100 (high-risk)
Severity: 20/34 · Moderate
Exploitability: 1/34 · Minimal
Exposure: 33/34 · Critical