CVE & CISA-KEV Catalog

CVE-2021-20869

MEDIUM
6.5
CVSS v3
NVD

Description

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message.

How to fix

Remediation Available
bizhub 224e firmwareNVD
Affected:< gdr-m1Fixed in:gdr-m1CVE-2021-20869derived from NVD
bizhub 226i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 227 firmwareNVD
Affected:< gca-y0Fixed in:gca-y0CVE-2021-20869derived from NVD
bizhub 246i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 266i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 284e firmwareNVD
Affected:< gdr-m1Fixed in:gdr-m1CVE-2021-20869derived from NVD
bizhub 287 firmwareNVD
Affected:< gca-y0Fixed in:gca-y0CVE-2021-20869derived from NVD
bizhub 300i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 306i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 308 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub 308e firmwareNVD
Affected:< gca-x8Fixed in:gca-x8CVE-2021-20869derived from NVD
bizhub 360i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 364e firmwareNVD
Affected:< gdr-m1Fixed in:gdr-m1CVE-2021-20869derived from NVD
bizhub 368 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub 368e firmwareNVD
Affected:< gca-x8Fixed in:gca-x8CVE-2021-20869derived from NVD
bizhub 4050i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 4052 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub 450i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 454e firmwareNVD
Affected:< gdr-m1Fixed in:gdr-m1CVE-2021-20869derived from NVD
bizhub 458 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub 458e firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD
bizhub 4700i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 4750i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 4752 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub 550i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 554e firmwareNVD
Affected:< gdr-m1Fixed in:gdr-m1CVE-2021-20869derived from NVD
bizhub 558 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub 558e firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD
bizhub 650i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 654 firmwareNVD
Affected:< gr4-m0Fixed in:gr4-m0CVE-2021-20869derived from NVD
bizhub 654e firmwareNVD
Affected:< gdr-m0Fixed in:gdr-m0CVE-2021-20869derived from NVD
bizhub 658e firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD
bizhub 750i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub 754 firmwareNVD
Affected:< gr4-m0Fixed in:gr4-m0CVE-2021-20869derived from NVD
bizhub 754e firmwareNVD
Affected:< gdr-m0Fixed in:gdr-m0CVE-2021-20869derived from NVD
bizhub 758 firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD
bizhub 808 firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD
bizhub 958 firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD
bizhub c224 firmwareNVD
Affected:< gr4-m0Fixed in:gr4-m0CVE-2021-20869derived from NVD
bizhub c224e firmwareNVD
Affected:< gdr-m1Fixed in:gdr-m1CVE-2021-20869derived from NVD
bizhub c227 firmwareNVD
Affected:< gca-y0Fixed in:gca-y0CVE-2021-20869derived from NVD
bizhub c227i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c250i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c257i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c258 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub c284 firmwareNVD
Affected:< gr4-m0Fixed in:gr4-m0CVE-2021-20869derived from NVD
bizhub c284e firmwareNVD
Affected:< gdr-m1Fixed in:gdr-m1CVE-2021-20869derived from NVD
bizhub c287 firmwareNVD
Affected:< gca-y0Fixed in:gca-y0CVE-2021-20869derived from NVD
bizhub c287i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c300i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c308 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub c3300i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c3320i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c3350i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c3351 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub c360i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c364 firmwareNVD
Affected:< gr4-m0Fixed in:gr4-m0CVE-2021-20869derived from NVD
bizhub c364e firmwareNVD
Affected:< gdr-m1Fixed in:gdr-m1CVE-2021-20869derived from NVD
bizhub c368 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub c3851 firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub c3851fs firmwareNVD
Affected:< gca-x4Fixed in:gca-x4CVE-2021-20869derived from NVD
bizhub c4000i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c4050i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c450i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c454 firmwareNVD
Affected:< gr4-m0Fixed in:gr4-m0CVE-2021-20869derived from NVD
bizhub c454e firmwareNVD
Affected:< gdr-m1Fixed in:gdr-m1CVE-2021-20869derived from NVD
bizhub c458 firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD
bizhub c550i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c554 firmwareNVD
Affected:< gr4-m0Fixed in:gr4-m0CVE-2021-20869derived from NVD
bizhub c554e firmwareNVD
Affected:< gdr-m1Fixed in:gdr-m1CVE-2021-20869derived from NVD
bizhub c558 firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD
bizhub c650i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c654 firmwareNVD
Affected:< gr4-m0Fixed in:gr4-m0CVE-2021-20869derived from NVD
bizhub c654e firmwareNVD
Affected:< gdr-m0Fixed in:gdr-m0CVE-2021-20869derived from NVD
bizhub c658 firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD
bizhub c659 firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD
bizhub c750i firmwareNVD
Affected:< g00-e9Fixed in:g00-e9CVE-2021-20869derived from NVD
bizhub c754 firmwareNVD
Affected:< gr4-m0Fixed in:gr4-m0CVE-2021-20869derived from NVD
bizhub c754e firmwareNVD
Affected:< gdr-m0Fixed in:gdr-m0CVE-2021-20869derived from NVD
bizhub c759 firmwareNVD
Affected:< gca-y1Fixed in:gca-y1CVE-2021-20869derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

0.53%probability of exploitation in 30 days
41stpercentile

Moderate risk: more likely to be exploited than 41% of all known CVEs.

References

Third-Party Advisory2

Related Vulnerabilities

Other CWE-200 (Information Exposure) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-24919High8.6100%KEV + Ransom-
CVE-2020-14181Medium5.3100%-Fix
CVE-2021-34429Medium5.399%-Fix
CVE-2018-11409Medium5.398%--
CVE-2021-41277Critical10.097%KEV-
CVE-2016-2183High7.596%-Fix
Embed a live status badge for CVE-2021-20869
CVE-2021-20869 severity badge

Markdown

[![CVE-2021-20869](https://tridentstack.com/cve/badge/CVE-2021-20869.svg)](https://tridentstack.com/cve/CVE-2021-20869)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-20869"><img src="https://tridentstack.com/cve/badge/CVE-2021-20869.svg" alt="CVE-2021-20869"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.