CVE-2023-46327
moderate-risk
Published 2023-11-02
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient. With knowledge of the encryption process and the encryption key, information such as server credentials may be obtained from the exported Address Book data. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Do I need to act?
- 0.16% chance of exploitation (EPSS score, low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 5.9/10, Medium (NETWORK / HIGH complexity)
Affected Products (20)
Primelink C9065 Firmware
Primelink C9070 Firmware
Primelink B9136 Firmware
Primelink B9125 Firmware
Primelink B9110 Firmware
Primelink B9100 Firmware
Versalink C405 Firmware
Versalink C505 Firmware
Versalink C605 Firmware
Versalink C7000 Firmware
Versalink C7020 Firmware
Versalink C7025 Firmware
Versalink C7030 Firmware
Versalink C7130 Firmware
Versalink C7125 Firmware
Versalink C7120 Firmware
Versalink B405 Firmware
Versalink B605 Firmware
Versalink B615 Firmware
Versalink B7125 Firmware
References (6)
Third Party Advisory
https://jvn.jp/en/vu/JVNVU96482726/index.html
Vendor Advisory
https://security.business.xerox.com/en-us/documents/bulletins/
49 / 100 · moderate-risk
Severity: 18/34 · Moderate
Exploitability: 1/34 · Minimal
Exposure: 30/34 · Critical