Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-43774
HistoryMar 03, 2022 - 3:15 p.m.

CVE-2021-43774

2022-03-0315:15:00
CWE-327
[email protected]
web.nvd.nist.gov
70
2
cve-2021-43774
fujifilm
docucentre-vi c4471 1.8
weak cipher
password retrieval
nvd
security issue

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

49.4%

JSON

A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords.

CPENameOperatorVersion
fujifilm:apeosport-iv_7080_firmwarefujifilm apeosport-iv 7080 firmwareeq-
fujifilm:apeosport-iv_6080_firmwarefujifilm apeosport-iv 6080 firmwareeq-
fujifilm:apeosport-iv_5080_firmwarefujifilm apeosport-iv 5080 firmwareeq-
fujifilm:apeosport-iv_3065_firmwarefujifilm apeosport-iv 3065 firmwarelt1.160.5
fujifilm:apeosport-iv_3060_firmwarefujifilm apeosport-iv 3060 firmwarelt1.160.5
fujifilm:apeosport-iv_2060_firmwarefujifilm apeosport-iv 2060 firmwarelt1.160.5
fujifilm:apeosport-iv_5070_firmwarefujifilm apeosport-iv 5070 firmwarelt1.140.5
fujifilm:apeosport-iv_4070_firmwarefujifilm apeosport-iv 4070 firmwarelt1.140.5
fujifilm:apeosport-iv_3070_firmwarefujifilm apeosport-iv 3070 firmwarelt1.140.5
fujifilm:apeosport-iv_c4430_firmwarefujifilm apeosport-iv c4430 firmwarelt1.772.4
Rows per page:
1-10 of 1601

Social References

More

Related

cvelist 1
prion 1
openvas 1
cvelist
cvelist
CVE-2021-43774
2022-03-03 14:32:36
prion
prion
Default credentials
2022-03-03 15:15:00
openvas
openvas
Fujifilm / Fuji Xerox Printers Cryptography Vulnerability (Mar 2022)
2022-03-17 00:00:00

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

49.4%

JSON
Related for CVE-2021-43774
cvelist1prion1openvas1