CVE & CISA-KEV Catalog

CVE-2023-46327

MEDIUM
5.9
CVSS v3
NVD

Description

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

How to fix

Remediation Available
apeos 4830 firmwareNVD
Affected:< 1.20.9Fixed in:1.20.9CVE-2023-46327derived from NVD
apeos 5330 firmwareNVD
Affected:< 1.20.9Fixed in:1.20.9CVE-2023-46327derived from NVD
apeos 6580 firmwareNVD
Affected:< 1.26.9Fixed in:1.26.9CVE-2023-46327derived from NVD
apeos 7580 firmwareNVD
Affected:< 1.26.9Fixed in:1.26.9CVE-2023-46327derived from NVD
apeos c3530 firmwareNVD
Affected:< 1.20.10Fixed in:1.20.10CVE-2023-46327derived from NVD
apeos c4030 firmwareNVD
Affected:< 1.20.10Fixed in:1.20.10CVE-2023-46327derived from NVD
apeosport-vii 4021 firmwareNVD
Affected:>= 1.60.3, < 1.60.16Fixed in:1.60.16CVE-2023-46327derived from NVD
apeosport-vii 5021 firmwareNVD
Affected:>= 1.60.3, < 1.60.16Fixed in:1.60.16CVE-2023-46327derived from NVD
apeosport-vii c3321 firmwareNVD
Affected:>= 1.60.3, < 1.60.16Fixed in:1.60.16CVE-2023-46327derived from NVD
apeosport-vii c4421 firmwareNVD
Affected:>= 1.60.3, < 1.60.16Fixed in:1.60.16CVE-2023-46327derived from NVD
primelink b9100 firmwareNVD
Affected:< 90.40.91Fixed in:90.40.91CVE-2023-46327derived from NVD
primelink b9110 firmwareNVD
Affected:< 90.40.91Fixed in:90.40.91CVE-2023-46327derived from NVD
primelink b9125 firmwareNVD
Affected:< 90.40.91Fixed in:90.40.91CVE-2023-46327derived from NVD
primelink b9136 firmwareNVD
Affected:< 90.40.91Fixed in:90.40.91CVE-2023-46327derived from NVD
primelink c9065 firmwareNVD
Affected:< 85.40.31Fixed in:85.40.31CVE-2023-46327derived from NVD
Affected:< 1.145.4Fixed in:1.145.4CVE-2023-46327derived from NVD
primelink c9070 firmwareNVD
Affected:< 1.145.4Fixed in:1.145.4CVE-2023-46327derived from NVD
Affected:< 85.40.31Fixed in:85.40.31CVE-2023-46327derived from NVD
revoria press sc170 firmwareNVD
Affected:< 1.22.8Fixed in:1.22.8CVE-2023-46327derived from NVD
revoria press sc180 firmwareNVD
Affected:< 1.22.8Fixed in:1.22.8CVE-2023-46327derived from NVD
versalink b405 firmwareNVD
Affected:< 38.81.41Fixed in:38.81.41CVE-2023-46327derived from NVD
versalink b605 firmwareNVD
Affected:< 38.81.41Fixed in:38.81.41CVE-2023-46327derived from NVD
versalink b615 firmwareNVD
Affected:< 38.81.41Fixed in:38.81.41CVE-2023-46327derived from NVD
versalink b7125 firmwareNVD
Affected:< 59.23.41Fixed in:59.23.41CVE-2023-46327derived from NVD
versalink b7130 firmwareNVD
Affected:< 59.23.41Fixed in:59.23.41CVE-2023-46327derived from NVD
versalink b7135 firmwareNVD
Affected:< 59.23.41Fixed in:59.23.41CVE-2023-46327derived from NVD
versalink c405 firmwareNVD
Affected:< 68.81.41Fixed in:68.81.41CVE-2023-46327derived from NVD
versalink c505 firmwareNVD
Affected:< 68.81.41Fixed in:68.81.41CVE-2023-46327derived from NVD
versalink c605 firmwareNVD
Affected:< 68.81.41Fixed in:68.81.41CVE-2023-46327derived from NVD
versalink c7000 firmwareNVD
Affected:< 56.74.51Fixed in:56.74.51CVE-2023-46327derived from NVD
versalink c7020 firmwareNVD
Affected:< 57.74.51Fixed in:57.74.51CVE-2023-46327derived from NVD
versalink c7025 firmwareNVD
Affected:< 57.74.51Fixed in:57.74.51CVE-2023-46327derived from NVD
versalink c7030 firmwareNVD
Affected:< 57.74.51Fixed in:57.74.51CVE-2023-46327derived from NVD
versalink c7120 firmwareNVD
Affected:< 69.23.41Fixed in:69.23.41CVE-2023-46327derived from NVD
versalink c7125 firmwareNVD
Affected:< 69.23.41Fixed in:69.23.41CVE-2023-46327derived from NVD
versalink c7130 firmwareNVD
Affected:< 69.23.41Fixed in:69.23.41CVE-2023-46327derived from NVD
workcentre 6515 firmwareNVD
Affected:< 65.74.51Fixed in:65.74.51CVE-2023-46327derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

0.35%probability of exploitation in 30 days
27thpercentile

Low risk: more likely to be exploited than 27% of all known CVEs.

References

Third-Party Advisory1

Related Vulnerabilities

Other CWE-287 (Improper Authentication) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-35082Critical9.8100%KEV + RansomFix
CVE-2023-35078Critical9.8100%KEV + RansomFix
CVE-2017-7921Critical9.8100%KEV-
CVE-2024-7593Critical9.8100%KEV-
CVE-2023-46805High8.2100%KEV + Ransom-
CVE-2022-40684Critical9.8100%KEV + RansomFix
Embed a live status badge for CVE-2023-46327
CVE-2023-46327 severity badge

Markdown

[![CVE-2023-46327](https://tridentstack.com/cve/badge/CVE-2023-46327.svg)](https://tridentstack.com/cve/CVE-2023-46327)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-46327"><img src="https://tridentstack.com/cve/badge/CVE-2023-46327.svg" alt="CVE-2023-46327"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.