CVSS: 9.1EPSS: 0%CPEs: 183EXPL: 0CVE-2022-26320
https://notcve.org/view.php?id=CVE-2022-26320
The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. Rambus SafeZone Basic Crypto Module anterior a la versión 10.4.0, utilizado en algunos dispositivos Fujifilm (antes Fuji Xerox) anteriores a 2022-03-01, dispositivos Canon imagePROGRAF e imageRUNNER hasta 2022-03-14, y potencialmente muchos otros dispositivos, genera claves RSA que pueden romperse con el método de factorización de Fermat. Esto permite un cálculo eficiente de las claves RSA privadas a partir de la clave pública de un certificado TLS • https://fermatattack.secvuln.info https://global.canon/en/support/security/index.html https://safezoneswupdate.com https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html https://www.rambus.com/security/response-center/advisories/rmbs-2021-01 https://web.archive.org/web/20220922042721/https://safezoneswupdate.com • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.4EPSS: 1%CPEs: 70EXPL: 0CVE-2008-0303
https://notcve.org/view.php?id=CVE-2008-0303
The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce. La característica de impresión FTP en múltiples impresoras Canon, incluyendo imageRUNNER e imagePRESS, permite a atacantes remotos utilizar el servidor como un proxy inadvertido a través de un comando PORT modificado, también conocido como salto FTP. • http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack http://jvn.jp/en/jp/JVN10056705/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html http://securitytracker.com/id?1019528 http://www.kb.cert.org/vuls/id/568073 http://www.securityfocus.com/bid/28042 http://www.usa.canon.com/html/security/pdf/CVA-001.pdf •
CVSS: 4.0EPSS: 0%CPEs: 7EXPL: 0CVE-2006-4680
https://notcve.org/view.php?id=CVE-2006-4680
The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information. El interfaz de usuario remoto de Canon imageRUNNER incluye nombres de usuario y contraseñas cuando se exportan una libreta de direcciones, lo que permite a un atacante dependiente del contexto obtener información sensible. • http://secunia.com/advisories/21788 http://securityreason.com/securityalert/1538 http://www.securityfocus.com/archive/1/445302/100/0/threaded http://www.securityfocus.com/archive/1/445532/100/0/threaded http://www.securityfocus.com/bid/19865 http://www.vupen.com/english/advisories/2006/3501 https://exchange.xforce.ibmcloud.com/vulnerabilities/28795 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2166
https://notcve.org/view.php?id=CVE-2004-2166
The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authentication via a text/plain email to TCP port 25. • http://secunia.com/advisories/12659 http://www.securityfocus.com/archive/1/376242 http://www.securityfocus.com/bid/11247 https://exchange.xforce.ibmcloud.com/vulnerabilities/17512 •