CVE-2023-46327

medium

Description

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

References

https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/1031_addressbook_announce.html

https://security.business.xerox.com/en-us/documents/bulletins/

https://jvn.jp/en/vu/JVNVU96482726/index.html

Details

Source: Mitre, NVD

Published: 2023-11-02

Updated: 2023-11-09

Risk Information

CVSS v2

Base Score: 5.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium