CVE-2022-26320 — CRITICAL (9.1)

Q: How severe is CVE-2022-26320?

CVE-2022-26320 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-26320?

Check the references section above for vendor advisories and patch information. Affected products include: Rambus Safezone Basic Crypto Module, Fujifilm Apeos C7070 Firmware, Fujifilm Apeos C7070, Fujifilm Apeos C6570 Firmware, Fujifilm Apeos C6570.

Vulnerability Description

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Rambus	Safezone Basic Crypto Module	>= 9.3.0, < 10.4.0
Fujifilm	Apeos C7070 Firmware	< 1.1.7
Fujifilm	Apeos C7070	-
Fujifilm	Apeos C6570 Firmware	< 1.1.7
Fujifilm	Apeos C6570	-
Fujifilm	Apeos C5570 Firmware	< 1.1.7
Fujifilm	Apeos C5570	-
Fujifilm	Apeos C4570 Firmware	< 1.1.7
Fujifilm	Apeos C4570	-
Fujifilm	Apeos C3570 Firmware	< 1.1.7
Fujifilm	Apeos C3570	-
Fujifilm	Apeos C3070 Firmware	< 1.1.7
Fujifilm	Apeos C3070	-
Fujifilm	Apeos C7070 G Firmware	< 1.1.7
Fujifilm	Apeos C7070 G	-
Fujifilm	Apeos C6570 G Firmware	< 1.1.7
Fujifilm	Apeos C6570 G	-
Fujifilm	Apeos C5570 G Firmware	< 1.1.7
Fujifilm	Apeos C5570 G	-
Fujifilm	Apeos C4570 G Firmware	< 1.1.7

Related Weaknesses (CWE)

CWE-330

References

https://fermatattack.secvuln.infoThird Party Advisory
https://global.canon/en/support/security/index.htmlThird Party Advisory
https://web.archive.org/web/20220922042721/https://safezoneswupdate.com/
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_annouMitigationThird Party Advisory
https://www.rambus.com/security/response-center/advisories/rmbs-2021-01/
https://fermatattack.secvuln.infoThird Party Advisory
https://global.canon/en/support/security/index.htmlThird Party Advisory
https://safezoneswupdate.com
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_annouMitigationThird Party Advisory

FAQ

What is CVE-2022-26320?

CVE-2022-26320 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and p...

How severe is CVE-2022-26320?

CVE-2022-26320 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-26320?

Check the references section above for vendor advisories and patch information. Affected products include: Rambus Safezone Basic Crypto Module, Fujifilm Apeos C7070 Firmware, Fujifilm Apeos C7070, Fujifilm Apeos C6570 Firmware, Fujifilm Apeos C6570.