CVE-2023-46327

MEDIUM

FUJIFILM Business Innovation Corp. & Xerox - Info Disclosure

Title source: llm

Description

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

References (3)

Core 3

Core References

Third Party Advisory

https://jvn.jp/en/vu/JVNVU96482726/index.html

Vendor Advisory

https://security.business.xerox.com/en-us/documents/bulletins/

Vendor Advisory

https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/1031_addressbook_announce.html

Scores

CVSS v3 5.9

EPSS 0.0035

EPSS Percentile 26.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (50)

fujifilm/apeos_2560_firmware 1.0.0 - 1.2.16

fujifilm/apeos_2560_gk_firmware 1.0.0 - 1.2.16

fujifilm/apeos_3060_firmware 1.0.0 - 1.2.16

fujifilm/apeos_3060_gk_firmware 1.0.0 - 1.2.16

fujifilm/apeos_3560_firmware 1.0.0 - 1.2.16

fujifilm/apeos_3560_gk_firmware 1.0.0 - 1.2.16

fujifilm/apeos_4570_firmware 1.0.0 - 1.3.6

fujifilm/apeos_4830_firmware < 1.20.9

fujifilm/apeos_5330_firmware < 1.20.9

fujifilm/apeos_5570_firmware 1.0.0 - 1.3.6

... and 40 more

Published Nov 02, 2023

Tracked Since Feb 18, 2026