CVE-2022-43460
https://notcve.org/view.php?id=CVE-2022-43460
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. • https://jvn.jp/en/jp/JVN22830348 https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/0131_announce.html • CWE-522: Insufficiently Protected Credentials •
CVE-2022-26320
https://notcve.org/view.php?id=CVE-2022-26320
The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. Rambus SafeZone Basic Crypto Module anterior a la versión 10.4.0, utilizado en algunos dispositivos Fujifilm (antes Fuji Xerox) anteriores a 2022-03-01, dispositivos Canon imagePROGRAF e imageRUNNER hasta 2022-03-14, y potencialmente muchos otros dispositivos, genera claves RSA que pueden romperse con el método de factorización de Fermat. Esto permite un cálculo eficiente de las claves RSA privadas a partir de la clave pública de un certificado TLS • https://fermatattack.secvuln.info https://global.canon/en/support/security/index.html https://safezoneswupdate.com https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html https://www.rambus.com/security/response-center/advisories/rmbs-2021-01 https://web.archive.org/web/20220922042721/https://safezoneswupdate.com • CWE-330: Use of Insufficiently Random Values •
CVE-2021-43774
https://notcve.org/view.php?id=CVE-2021-43774
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords. Se ha detectado un problema de algoritmo riesgoso en los dispositivos Fujifilm DocuCentre-VI C4471 versión 1.8. Un atacante que obtuviera acceso a la interfaz web administrativa de una impresora (por ejemplo, usando las credenciales predeterminadas) puede descargar el archivo de la libreta de direcciones, que contiene la lista de usuarios (usuarios de dominio, usuarios de FTP, etc.) almacenados en la impresora, junto con sus contraseñas cifradas. • https://www.foregenix.com/blog https://www.foregenix.com/blogs-new-2021/dude-its-just-a-printer https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_addressbook_announce.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2019-10950
https://notcve.org/view.php?id=CVE-2019-10950
Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X provide insecure telnet services that lack authentication requirements. An attacker who successfully exploits this vulnerability may be able to access the underlying operating system. Vulnerabilidad en Fujifilm FCR Capsula X/Carbon X/FCR XC-2, versiones modelo CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR capsula X proporcionan servicios Telnet no seguros que carecen de requisitos de identificación. Un atacante que realice una operación con éxito a esta vulnerabilidad puede tener acceso al sistema operativo subyacente. • http://www.securityfocus.com/bid/108052 https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01 • CWE-284: Improper Access Control CWE-306: Missing Authentication for Critical Function •
CVE-2019-10948
https://notcve.org/view.php?id=CVE-2019-10948
Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted. Fujifilm FCR Capsula X/Carbon X/FCR XC-2, versiones del modelo CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X son susceptibles a una condición de denegación de servicio como resultado de un desbordamiento de paquetes TCP, lo que requiere que el dispositivo se reinicie manualmente. • https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01 • CWE-400: Uncontrolled Resource Consumption •