Multiple vulnerabilities in Konica Minolta multifunction printers and single-function printers

Dear Customers,

We deeply appreciate your constant patronage of our products.
Five vulnerabilities have been identified in the affected devices. Here, we report the overview of the problems and our measures for the vulnerabilities.

The overview of the vulnerabilities

Note: Below is the result of the risk evaluation, assuming that the MFP is installed in a general office protected by a firewall.

| Reference identification number | CVSSv3.1 | Base Score | Vulnerabilities description |
| --- | --- | --- | --- |
| CVE-2021-20868 | CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.2 | If external server authentication is used, a remote attacker with administrative privileges could steal user credentials by sending specific SOAP messages. |
| CVE-2021-20869 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.3 | When using external authentication with an LDAP server, a remote attacker could steal specific authentication information in Administrator settings by sending specific SOAP messages. |
| CVE-2021-20870 | CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N | 4.0 | When scan transmission is interrupted by a network error, a physically accessible attacker could steal the scanned image data by removing the HDD before the scan job times out. |
| CVE-2021-20871 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.3 | If a scanning destination that requires the registration of authentication information, such as FTP, SMB, or WebDAV, is registered in the address book of a multifunction printer, a remote attacker could steal the registered authentication information by sending a specific SOAP message. |
| CVE-2021-20872 | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 6.4 | An attacker could bypass the tamper detection feature of the firmware and install malicious firmware. |
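As an added example (not part of Konica Minolta's advisory), the following Python recomputes the Base Score from each vector in the table using the CVSS v3.1 base equations, so the published scores can be checked against their vectors. It handles Scope: Unchanged only, which covers every vector listed; the function and variable names are illustrative.

```python
import math

# CVSS v3.1 base metric weights from the FIRST specification.
# PR weights are the Scope:Unchanged values (every vector in the advisory is S:U).
WEIGHTS = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "PR": {"N": 0.85, "L": 0.62, "H": 0.27},
    "UI": {"N": 0.85, "R": 0.62},
    "C": {"H": 0.56, "L": 0.22, "N": 0.0},
    "I": {"H": 0.56, "L": 0.22, "N": 0.0},
    "A": {"H": 0.56, "L": 0.22, "N": 0.0},
}

# Vectors and published Base Scores copied from the advisory table.
ADVISORY = {
    "CVE-2021-20868": ("CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", 4.2),
    "CVE-2021-20869": ("CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", 5.3),
    "CVE-2021-20870": ("CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", 4.0),
    "CVE-2021-20871": ("CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", 5.3),
    "CVE-2021-20872": ("CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", 6.4),
}

def roundup(x):
    """Rounding defined by the v3.1 specification: smallest one-decimal value >= x."""
    i = round(x * 100000)
    if i % 10000 == 0:
        return i / 100000.0
    return (math.floor(i / 10000) + 1) / 10.0

def base_score(vector):
    """Return the CVSS v3.1 Base Score for a Scope:Unchanged vector string."""
    prefix, _, rest = vector.partition("/")
    if prefix != "CVSS:3.1":
        raise ValueError("not a CVSS v3.1 vector")
    m = dict(part.split(":") for part in rest.split("/"))
    if m.get("S") != "U":
        raise ValueError("only Scope:Unchanged is handled in this example")
    w = {k: WEIGHTS[k][m[k]] for k in WEIGHTS}
    iss = 1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])
    impact = 6.42 * iss
    exploitability = 8.22 * w["AV"] * w["AC"] * w["PR"] * w["UI"]
    return 0.0 if impact <= 0 else roundup(min(impact + exploitability, 10))

def mismatches():
    """List the CVE IDs whose recomputed score differs from the published one."""
    return [cve for cve, (vec, published) in ADVISORY.items()
            if base_score(vec) != published]
```

Because the vectors were scored under the firewall-protected office assumption stated in the note above, an organization whose deployment differs can edit the relevant metric in the vector string and re-run `base_score` to get a score for its own environment.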



Affected Models and supported status of the countermeasure firmware
Color, B&W MFPs (Y: Affected, N: Not affected)

| Product name | CVE-2021-20868 | CVE-2021-20869 | CVE-2021-20870 | CVE-2021-20871 | CVE-2021-20872 | Affected Version | Fixed Version |
| --- | --- | --- | --- | --- | --- | --- | --- |
| bizhub C750i | Y | Y | Y | Y | N | G00-35 or earlier | G00-E9 or later |
| bizhub C650i/C550i/C450i | Y | Y | Y | Y | N | G00-B6 or earlier | G00-E9 or later |
| bizhub C360i/C300i/C250i | Y | Y | Y | Y | N | G00-B6 or earlier | G00-E9 or later |
| bizhub 750i/650i/550i/450i | Y | Y | Y | Y | N | G00-37 or earlier | G00-E9 or later |
| bizhub 360i/300i | Y | Y | Y | Y | N | G00-33 or earlier | G00-E9 or later |
| bizhub C287i/C257i/C227i | Y | Y | Y | Y | N | G00-19 or earlier | G00-E9 or later |
| bizhub 306i/266i/246i/226i | Y | Y | Y | Y | N | G00-B6 or earlier | G00-E9 or later |
| bizhub C759/C659; bizhub C658/C558/C458; bizhub 958/808/758; bizhub 658e/558e/458e | Y | Y | Y | Y | Y | GC7-X8 or earlier | GCA-Y1 or later |
| bizhub C287/C227; bizhub 287/227 | Y | Y | Y | Y | Y | GC7-X8 or earlier | GCA-Y0 or later |
| bizhub 368e/308e | Y | Y | Y | Y | Y | GC7-X8 or earlier | GCA-X8 or later |
| bizhub C368/C308/C258; bizhub 558/458/368/308 | Y | Y | Y | Y | Y | GC9-X4 or earlier | GCA-X4 or later |
| bizhub C754e/C654e; bizhub 754e/654e | Y | Y | Y | Y | Y | GDQ-M0 or earlier | GDR-M0 or later |
| bizhub C554e/C454e; bizhub C364e/C284e/C224e | Y | Y | Y | Y | Y | GDQ-M1 or earlier | GDR-M1 or later |
| bizhub 554e/454e/364e/284e/224e | Y | Y | Y | Y | Y | GDQ-M1 or earlier | GDR-M1 or later |
| bizhub C754/C654, C554/C454; bizhub C364/C284/C224; bizhub 754/654 | Y | Y | Y | Y | Y | GR1-M0 or earlier | GR4-M0 or later |
| bizhub C4050i/C3350i/C4000i/C3300i | Y | Y | Y | Y | N | G00-B6 or earlier | G00-E9 or later |
| bizhub C3320i | Y | Y | Y | Y | N | G00-B6 or earlier | G00-E9 or later |
| bizhub 4750i/4050i | Y | Y | Y | Y | N | G00-22 or earlier | G00-E9 or later |
| bizhub 4700i | Y | Y | Y | Y | N | G00-22 or earlier | G00-E9 or later |
| bizhub C3851FS/C3851/C3351 | Y | Y | Y | Y | Y | GC9-X4 or earlier | GCA-X4 or later |
| bizhub 4752/4052 | Y | Y | Y | Y | Y | GC9-X4 or earlier | GCA-X4 or later |
| bizhub C3850/C3350/3850FS | N | N | Y | N | N | | Please see solution (1). |
| bizhub 4750/4050 | N | N | Y | N | N | | Please see solution (1). |
| bizhub C3110 | N | N | Y | N | N | | Please see solution (1). |
| bizhub C3100P | N | N | Y | N | N | | Please see solution (1). |

Solution

(1) CVE-2021-20870 can be avoided with the standard HDD/SSD encryption feature. Enabling the setting will require formatting and will erase your data, so it is recommended that you back up your important data in advance.

(2) For problems other than the above, the countermeasure firmware will be applied sequentially, either remotely or during a visit by a field technician.

Mitigations

In order to reduce general security risks, including these vulnerabilities, we recommend that you use our devices under various security settings.

  • If the administrator password is left at the default setting, change it to a password that is less likely to be guessed.
  • In order to reduce the risk of information leakage and unauthorized use due to unauthorized access from outside, please assign a private IP address and use the device in a network protected by a firewall.
  • Use the IP address filtering function to limit the range of networks that can access the MFP.

Also, for greater security, consider utilizing the user authentication function to restrict the users of the MFP and not allow public users.
Please refer to the user's guide for detailed settings.

Related information

JVNVU#95192472 Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems

Acknowledgements

We would like to express gratitude to Prof. Dr. Dominik Merli, Mr. Benjamin Kienle and the team of the Institute for innovative Safety and Security (HSA_innos, hsainnos.de) at Augsburg University of Applied Sciences for finding and reporting the vulnerabilities.

Contact

If you have any questions or need to apply the countermeasure firmware, please contact the service manager of your device.