Multiple vulnerabilities in Konica Minolta multifunction printers and single-function printers
Dear Customers,
We deeply appreciate your constant patronage to our products.
Five vulnerabilities have been identified in the affected devices. Here, we report the overview of the problems and our measures for the vulnerabilities.
The overview of the vulnerabilities
Note: Below is the result of risk evaluation assuming that MFP is installed in a general office protected by a firewall.
Reference identification number | CVSSv3.1 | Base Score | Vulnerabilities description |
---|---|---|---|
CVE-2021-20868 | CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.2 | If external server authentication is used, a remote attacker with administrative privileges could steal user credentials by sending specific SOAP messages. |
CVE-2021-20869 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.3 | When using external authentication with an LDAP server, a remote attacker could steal specific authentication information in Administrator settings by sending specific SOAP messages. |
CVE-2021-20870 | CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N | 4.0 | When scan transmission is interrupted by a network error, a physically accessible attacker could steal the scanned image data by removing the HDD before the scan job times out. |
CVE-2021-20871 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.3 | If a scanning destination that requires the registration of authentication information, such as FTP, SMB, or WebDAV, is registered in the address book of a multifunction printer, a remote attacker could steal the registered authentication information by sending a specific SOAP message. |
CVE-2021-20872 | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.4 | An attacker could bypass the tamper detection feature of the firmware and install malicious firmware. |
Affected Models and supported status of the countermeasure firmware
Color, B&W MFPs (Y: Affected, N: Not affected)
Product name | CVE-2021 | Affected Version | Fixed Version | ||||
---|---|---|---|---|---|---|---|
20868 | 20869 | 20870 | 20871 | 20872 | |||
bizhub C750i | Y | Y | Y | Y | N | G00-35 or earlier | G00-E9 or later |
bizhub C650i/C550i/C450i | Y | Y | Y | Y | N | G00-B6 or earlier | G00-E9 or later |
bizhub C360i/C300i/C250i | Y | Y | Y | Y | N | G00-B6 or earlier | G00-E9 or later |
bizhub 750i/650i/550i/450i | Y | Y | Y | Y | N | G00-37 or earlier | G00-E9 or later |
bizhub 360i/300i | Y | Y | Y | Y | N | G00-33 or earlier | G00-E9 or later |
bizhub C287i/C257i/C227i | Y | Y | Y | Y | N | G00-19 or earlier | G00-E9 or later |
bizhub 306i/266i/246i/226i | Y | Y | Y | Y | N | G00-B6 or earlier | G00-E9 or later |
bizhub C759/C659 | Y | Y | Y | Y | Y | GC7-X8 or earlier | GCA-Y1 or later |
bizhub C658/C558/C458 | |||||||
bizhub 958/808/758 | |||||||
bizhub 658e/558e/458e | |||||||
bizhub C287/C227 | Y | Y | Y | Y | Y | GC7-X8 or earlier | GCA-Y0 or later |
bizhub 287/227 | |||||||
bizhub 368e/308e | Y | Y | Y | Y | Y | GC7-X8 or earlier | GCA-X8 or later |
bizhub C368/C308/C258 | Y | Y | Y | Y | Y | GC9-X4 or earlier | GCA-X4 or later |
bizhub 558/458/368/308 | |||||||
bizhub C754e/C654e | Y | Y | Y | Y | Y | GDQ-M0 or earlier | GDR-M0 or later |
bizhub 754e/654e | |||||||
bizhub C554e/C454e | Y | Y | Y | Y | Y | GDQ-M1 or earlier | GDR-M1 or later |
bizhub C364e/C284e/C224e | |||||||
bizhub 554e/454e/364e/284e/224e | Y | Y | Y | Y | Y | GDQ-M1 or earlier | GDR-M1 or later |
bizhub C754/C654, C554/C454 | Y | Y | Y | Y | Y | GR1-M0 or earlier | GR4-M0 or later |
bizhub C364/C284/C224 | |||||||
bizhub 754/654 | |||||||
bizhub C4050i/C3350i/C4000i/C3300i | Y | Y | Y | Y | N | G00-B6 or earlier | G00-E9 or later |
bizhub C3320i | Y | Y | Y | Y | N | G00-B6 or earlier | G00-E9 or later |
bizhub 4750i/4050i | Y | Y | Y | Y | N | G00-22 or earlier | G00-E9 or later |
bizhub 4700i | Y | Y | Y | Y | N | G00-22 or earlier | G00-E9 or later |
bizhub C3851FS/C3851/C3351 | Y | Y | Y | Y | Y | GC9-X4 or earlier | GCA-X4 or later |
bizhub 4752/4052 | Y | Y | Y | Y | Y | GC9-X4 or earlier | GCA-X4 or later |
bizhub C3850/C3350/3850FS | N | N | Y | N | N | Please see solution (1). | |
bizhub 4750/4050 | N | N | Y | N | N | Please see solution (1). | |
bizhub C3110 | N | N | Y | N | N | Please see solution (1). | |
bizhub C3100P | N | N | Y | N | N | Please see solution (1). |
Solution
(1) CVE-2021-20870 can be avoided with the standard HDD/SSD encryption feature. Enabling the setting will require formatting and will erase your data, so it is recommended that you back up your important data in advance.
(2) For problems other than the above, the countermeasure firmware will be applied sequentially, either remotely or during a visit by a field technician.
Mitigations
In order to reduce general security risks, including these vulnerabilities, we recommend that you use our devices under various security settings.
- If the administrator password is left at the default setting, change it to a password that is less likely to be guessed.
- In order to reduce the risk of information leakage and unauthorized use due to unauthorized access from outside, please assign a private IP address, use the device in a network protected by a firewall.
- Use the IP address filtering function to limit the range of networks that can access the MFP.
Also, for greater security, consider utilizing the user authentication function to restrict the users of the MFP and not allow public users.
Please refer to the user's guide for detailed settings.
Related information
JVNVU#95192472 Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems
Acknowledgements
We would like to express gratitude to Prof. Dr. Dominik Merli, Mr. Benjamin Kienle and the team of the Institute for innovative Safety and Security (HSA_innos,hsainnos.de) at Augsburg University of Applied Sciences for finding and reporting the vulnerabilities.
Contact
If you have any questions or need to apply the countermeasure firmware, please contact the service manager of your device.