CVE-2023-46327

Summary

CVE-2023-46327: Multiple FUJIFILM and Xerox multifunction printers are found to have insufficient encryption strength in their Address Book export feature. The vulnerability allows an attacker, with knowledge of the encryption process and key, to obtain sensitive information such as server credentials from the exported Address Book data. Affected product details can be found in the vendors' respective advisories. [References] This vulnerability, identified as CVE-2023-46327, impacts multiple models of multifunction printers from FUJIFILM Business Innovation Corp. and Xerox Corporation. The encryption used to secure the Address Book data during export is deemed insufficient, enabling unauthorized access to the information if the encryption key is known. The vulnerability potentially exposes sensitive data, such as server credentials, to attackers. For a comprehensive list of affected product names, models, and versions, refer to the advisories issued by the vendors. [References] A security vulnerability, CVE-2023-46327, has been discovered in certain multifunction printers supplied by FUJIFILM Business Innovation Corp. and Xerox Corporation. The Address Book export feature, which encrypts the data, uses an encryption strength that is no longer considered secure. Malicious actors who gain knowledge of the encryption process and key can access sensitive data, like server credentials, from the exported Address Book data. The specific product details and versions can be found in the notices released by the respective vendors. [References] CVE-2023-46327 represents a security vulnerability affecting certain multifunction printers from FUJIFILM Business Innovation Corp. and Xerox Corporation. The exported Address Book data, encrypted for secure transmission, is found to have weak encryption strength. An attacker with the encryption key and knowledge of the process can access sensitive information, including server credentials, from the exposed data. To learn more about the affected products and their versions, consult the advisories published by the respective vendors. [References] FUJIFILM Business Innovation Corp. and Xerox Corporation have disclosed a vulnerability, CVE-2023-46327, in their multifunction printers' Address Book export feature. The data, which is encrypted during transmission, is found to have insufficient encryption strength. Attackers who have obtained the encryption key and process details can access sensitive information like server credentials from the exported Address Book data. Users should refer to the product advisories from the vendors for information on affected models and versions. [References]

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.