

If the administrator password is left at the default setting, change it to a password that is less likely to be guessed.

In order to reduce general security risks, including these vulnerabilities, we recommend that you use our devices under various security settings.

(2) For problems other than the above, the countermeasure firmware will be applied sequentially, either remotely or during a visit by a field technician.

Enabling the setting will require formatting and will erase your data, so it is recommended that you back up your important data in advance.

(1) CVE-2021-20870 can be avoided with the standard HDD/SSD encryption feature.

If a scanning destination that requires the registration of authentication information, such as FTP, SMB, or WebDAV, is registered in the address book of a multifunction printer, a remote attacker could steal the registered authentication information by sending a specific SOAP message.

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

An attacker could bypass the tamper detection feature of the firmware and install malicious firmware.

Affected Models and supported status of the countermeasure firmware

Color, B&W MFPs (Y: Affected, N: Not affected) Product name

When scan transmission is interrupted by a network error, a physically accessible attacker could steal the scanned image data by removing the HDD before the scan job times out.
When using external authentication with an LDAP server, a remote attacker could steal specific authentication information in Administrator settings by sending specific SOAP messages.

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

If external server authentication is used, a remote attacker with administrative privileges could steal user credentials by sending specific SOAP messages.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference identification number

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Note: Below is the result of risk evaluation assuming that the MFP is installed in a general office protected by a firewall.

Here, we report the overview of the problems and our measures for the vulnerabilities.

We deeply appreciate your constant patronage of our products.

Five vulnerabilities have been identified in the affected devices.
