All the vulnerabilites related to Xerox - (multiple product)
jvndb-2023-004919
Vulnerability from jvndb
Published
2023-11-02 17:21
Modified
2024-05-07 15:25
Severity ?
Summary
FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength
Details
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391).
Kunal Thakrar and Ceri Coburn of Pen Test Partners directly reported this vulnerability to FUJIFILM Business Innovation Corp.
FUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination with the reporter.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU96482726/ | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-46327 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-46327 | |
| Use of Weak Credentials(CWE-1391) | https://cwe.mitre.org/data/definitions/1391.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004919.html",
"dc:date": "2024-05-07T15:25+09:00",
"dcterms:issued": "2023-11-02T17:21+09:00",
"dcterms:modified": "2024-05-07T15:25+09:00",
"description": "Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391).\r\n\r\nKunal Thakrar and Ceri Coburn of Pen Test Partners directly reported this vulnerability to FUJIFILM Business Innovation Corp.\r\nFUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination with the reporter.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004919.html",
"sec:cpe": [
{
"#text": "cpe:/a:fuji_xerox:multiple_product",
"@product": "(multiple product)",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
{
"#text": "cpe:/a:xerox:multiple_product",
"@product": "(multiple product)",
"@vendor": "Xerox",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-004919",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU96482726/",
"@id": "JVNVU#96482726",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-46327",
"@id": "CVE-2023-46327",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46327",
"@id": "CVE-2023-46327",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1391.html",
"@id": "CWE-1391",
"@title": "Use of Weak Credentials(CWE-1391)"
}
],
"title": "FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength"
}