CVE-2022-29586
moderate-risk
Published 2022-05-16
Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode.
Do I need to act?
-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.4/10
High
PHYSICAL
/ LOW complexity
Affected Products (20)
Bizhub 226I Firmware
Bizhub 227 Firmware
Bizhub 246I Firmware
Bizhub 287 Firmware
Bizhub 306I Firmware
Bizhub 308 Firmware
Bizhub 308E Firmware
Bizhub 367 Firmware
Bizhub 368 Firmware
Bizhub 368E Firmware
Bizhub 4052 Firmware
Bizhub 458 Firmware
Bizhub 458E Firmware
Bizhub 4752 Firmware
Bizhub 558 Firmware
Bizhub 558E Firmware
Bizhub 658E Firmware
Bizhub 758 Firmware
Bizhub 808 Firmware
Bizhub 958 Firmware
Affected Vendors
References (4)
Third Party Advisory
https://sec-consult.com/vulnerability-lab/
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/sandbox-escape-with-root-acce...
Third Party Advisory
https://sec-consult.com/vulnerability-lab/
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/sandbox-escape-with-root-acce...
48
/ 100
moderate-risk
Severity
23/34 · High
Exploitability
0/34 · Minimal
Exposure
25/34 · High