CVE-2023-46327
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
02/11/2023
Last modified:
09/11/2023
Description
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:xerox:primelink_c9065_firmware:*:*:*:*:*:*:*:* | 85.40.31 (excluding) | |
| cpe:2.3:h:xerox:primelink_c9065:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xerox:primelink_c9070_firmware:*:*:*:*:*:*:*:* | 85.40.31 (excluding) | |
| cpe:2.3:h:xerox:primelink_c9070:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xerox:primelink_b9136_firmware:*:*:*:*:*:*:*:* | 90.40.91 (excluding) | |
| cpe:2.3:h:xerox:primelink_b9136:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xerox:primelink_b9125_firmware:*:*:*:*:*:*:*:* | 90.40.91 (excluding) | |
| cpe:2.3:h:xerox:primelink_b9125:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xerox:primelink_b9110_firmware:*:*:*:*:*:*:*:* | 90.40.91 (excluding) | |
| cpe:2.3:h:xerox:primelink_b9110:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xerox:primelink_b9100_firmware:*:*:*:*:*:*:*:* | 90.40.91 (excluding) | |
| cpe:2.3:h:xerox:primelink_b9100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xerox:versalink_c405_firmware:*:*:*:*:*:*:*:* | 68.81.41 (excluding) | |
| cpe:2.3:h:xerox:versalink_c405:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:xerox:versalink_c505_firmware:*:*:*:*:*:*:*:* | 68.81.41 (excluding) |
To consult the complete list of CPE names with products and versions, see this page