Lucene search

[email protected]CVE-2022-26320

HistoryMar 14, 2022 - 6:15 p.m.

CVE-2022-26320

2022-03-1418:15:00

CWE-330

[email protected]

web.nvd.nist.gov

199

cve-2022-26320

rambus safezone

crypto module

rsa keys

fermat's factorization method

tls certificate

nvd

fujifilm

canon

imageprograf

imagerunner

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.3%

JSON

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat’s factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

CPENameOperatorVersion
rambus:safezone_basic_crypto_modulerambus safezone basic crypto modulelt10.4.0
fujifilm:apeos_c7070_firmwarefujifilm apeos c7070 firmwarelt1.1.7
fujifilm:apeos_c6570_firmwarefujifilm apeos c6570 firmwarelt1.1.7
fujifilm:apeos_c5570_firmwarefujifilm apeos c5570 firmwarelt1.1.7
fujifilm:apeos_c4570_firmwarefujifilm apeos c4570 firmwarelt1.1.7
fujifilm:apeos_c3570_firmwarefujifilm apeos c3570 firmwarelt1.1.7
fujifilm:apeos_c3070_firmwarefujifilm apeos c3070 firmwarelt1.1.7
fujifilm:apeos_c7070_g_firmwarefujifilm apeos c7070 g firmwarelt1.1.7
fujifilm:apeos_c6570_g_firmwarefujifilm apeos c6570 g firmwarelt1.1.7
fujifilm:apeos_c5570_g_firmwarefujifilm apeos c5570 g firmwarelt1.1.7

CPE	Name	Operator	Version
rambus:safezone_basic_crypto_module	rambus safezone basic crypto module	lt	10.4.0
fujifilm:apeos_c7070_firmware	fujifilm apeos c7070 firmware	lt	1.1.7
fujifilm:apeos_c6570_firmware	fujifilm apeos c6570 firmware	lt	1.1.7
fujifilm:apeos_c5570_firmware	fujifilm apeos c5570 firmware	lt	1.1.7
fujifilm:apeos_c4570_firmware	fujifilm apeos c4570 firmware	lt	1.1.7
fujifilm:apeos_c3570_firmware	fujifilm apeos c3570 firmware	lt	1.1.7
fujifilm:apeos_c3070_firmware	fujifilm apeos c3070 firmware	lt	1.1.7
fujifilm:apeos_c7070_g_firmware	fujifilm apeos c7070 g firmware	lt	1.1.7
fujifilm:apeos_c6570_g_firmware	fujifilm apeos c6570 g firmware	lt	1.1.7
fujifilm:apeos_c5570_g_firmware	fujifilm apeos c5570 g firmware	lt	1.1.7

Rows per page:

1-10 of 921

References

fermatattack.secvuln.info

global.canon/en/support/security/index.html

safezoneswupdate.com

www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html

Social References

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.3%

JSON

Related for CVE-2022-26320

prion1 cvelist1 cve1