CVE-2023-46327 — MEDIUM (5.9)

Q: How severe is CVE-2023-46327?

CVE-2023-46327 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-46327?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Primelink C9065 Firmware, Xerox Primelink C9065, Xerox Primelink C9070 Firmware, Xerox Primelink C9070, Xerox Primelink B9136 Firmware.

Vulnerability Description

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Xerox	Primelink C9065 Firmware	< 85.40.31
Xerox	Primelink C9065	-
Xerox	Primelink C9070 Firmware	< 85.40.31
Xerox	Primelink C9070	-
Xerox	Primelink B9136 Firmware	< 90.40.91
Xerox	Primelink B9136	-
Xerox	Primelink B9125 Firmware	< 90.40.91
Xerox	Primelink B9125	-
Xerox	Primelink B9110 Firmware	< 90.40.91
Xerox	Primelink B9110	-
Xerox	Primelink B9100 Firmware	< 90.40.91
Xerox	Primelink B9100	-
Xerox	Versalink C405 Firmware	< 68.81.41
Xerox	Versalink C405	-
Xerox	Versalink C505 Firmware	< 68.81.41
Xerox	Versalink C505	-
Xerox	Versalink C605 Firmware	< 68.81.41
Xerox	Versalink C605	-
Xerox	Versalink C7000 Firmware	< 56.74.51
Xerox	Versalink C7000	-

Related Weaknesses (CWE)

CWE-287

References

https://jvn.jp/en/vu/JVNVU96482726/index.htmlThird Party Advisory
https://security.business.xerox.com/en-us/documents/bulletins/Vendor Advisory
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/1031_addressbook_Vendor Advisory
https://jvn.jp/en/vu/JVNVU96482726/index.htmlThird Party Advisory
https://security.business.xerox.com/en-us/documents/bulletins/Vendor Advisory
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/1031_addressbook_Vendor Advisory

FAQ

What is CVE-2023-46327?

CVE-2023-46327 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the...

How severe is CVE-2023-46327?

CVE-2023-46327 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-46327?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Primelink C9065 Firmware, Xerox Primelink C9065, Xerox Primelink C9070 Firmware, Xerox Primelink C9070, Xerox Primelink B9136 Firmware.