Multiple vulnerabilities in Konica Minolta multifunction printers and single-function printers
December 24, 2021
Konica Minolta, Inc.
We deeply appreciate your continued patronage of our products.
Five vulnerabilities have been identified in the affected devices. This notice gives an overview of the problems and our countermeasures for the vulnerabilities.
The overview of the vulnerabilities
Note: The risk evaluation below assumes that the MFP is installed in a general office protected by a firewall.
|Reference identification number||CVSSv3.1 vector||Base Score||Vulnerability description|
|CVE-2021-20868||CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N||4.2||If external server authentication is used, a remote attacker with administrative privileges could steal user credentials by sending specific SOAP messages.|
|CVE-2021-20869||CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N||5.3||When using external authentication with an LDAP server, a remote attacker could steal specific authentication information in Administrator settings by sending specific SOAP messages.|
|CVE-2021-20870||CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N||4.0||When scan transmission is interrupted by a network error, a physically accessible attacker could steal the scanned image data by removing the HDD before the scan job times out.|
|CVE-2021-20871||CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N||5.3||If a scanning destination that requires the registration of authentication information, such as FTP, SMB, or WebDAV, is registered in the address book of a multifunction printer, a remote attacker could steal the registered authentication information by sending a specific SOAP message.|
|CVE-2021-20872||CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H||6.4||An attacker could bypass the tamper detection feature of the firmware and install malicious firmware.|
Affected Models and supported status of the countermeasure firmware
Color, B&W MFPs (Y: Affected, N: Not affected)
|Product name||CVE-2021-20868||CVE-2021-20869||CVE-2021-20870||CVE-2021-20871||CVE-2021-20872||Affected Version||Fixed Version|
|bizhub C750i||Y||Y||Y||Y||N||G00-35 or earlier||G00-E9 or later|
|bizhub C650i/C550i/C450i||Y||Y||Y||Y||N||G00-B6 or earlier||G00-E9 or later|
|bizhub C360i/C300i/C250i||Y||Y||Y||Y||N||G00-B6 or earlier||G00-E9 or later|
|bizhub 750i/650i/550i/450i||Y||Y||Y||Y||N||G00-37 or earlier||G00-E9 or later|
|bizhub 360i/300i||Y||Y||Y||Y||N||G00-33 or earlier||G00-E9 or later|
|bizhub C287i/C257i/C227i||Y||Y||Y||Y||N||G00-19 or earlier||G00-E9 or later|
|bizhub 306i/266i/246i/226i||Y||Y||Y||Y||N||G00-B6 or earlier||G00-E9 or later|
|bizhub C759/C659||Y||Y||Y||Y||Y||GC7-X8 or earlier||GCA-Y1 or later|
|bizhub C287/C227||Y||Y||Y||Y||Y||GC7-X8 or earlier||GCA-Y0 or later|
|bizhub 368e/308e||Y||Y||Y||Y||Y||GC7-X8 or earlier||GCA-X8 or later|
|bizhub C368/C308/C258||Y||Y||Y||Y||Y||GC9-X4 or earlier||GCA-X4 or later|
|bizhub C754e/C654e||Y||Y||Y||Y||Y||GDQ-M0 or earlier||GDR-M0 or later|
|bizhub C554e/C454e||Y||Y||Y||Y||Y||GDQ-M1 or earlier||GDR-M1 or later|
|bizhub 554e/454e/364e/284e/224e||Y||Y||Y||Y||Y||GDQ-M1 or earlier||GDR-M1 or later|
|bizhub C754/C654, C554/C454||Y||Y||Y||Y||Y||GR1-M0 or earlier||GR4-M0 or later|
|bizhub C4050i/C3350i/C4000i/C3300i||Y||Y||Y||Y||N||G00-B6 or earlier||G00-E9 or later|
|bizhub C3320i||Y||Y||Y||Y||N||G00-B6 or earlier||G00-E9 or later|
|bizhub 4750i/4050i||Y||Y||Y||Y||N||G00-22 or earlier||G00-E9 or later|
|bizhub 4700i||Y||Y||Y||Y||N||G00-22 or earlier||G00-E9 or later|
|bizhub C3851FS/C3851/C3351||Y||Y||Y||Y||Y||GC9-X4 or earlier||GCA-X4 or later|
|bizhub 4752/4052||Y||Y||Y||Y||Y||GC9-X4 or earlier||GCA-X4 or later|
|bizhub C3850/C3350/3850FS||N||N||Y||N||N||Please see solution (1).|
|bizhub 4750/4050||N||N||Y||N||N||Please see solution (1).|
|bizhub C3110||N||N||Y||N||N||Please see solution (1).|
|bizhub C3100P||N||N||Y||N||N||Please see solution (1).|
(1) CVE-2021-20870 can be avoided with the standard HDD/SSD encryption feature. Enabling the setting will require formatting and will erase your data, so it is recommended that you back up your important data in advance.
(2) For problems other than the above, the countermeasure firmware will be applied sequentially, either remotely or during a visit by a field technician.
To reduce general security risks, including these vulnerabilities, we recommend that you operate our devices with security settings such as the following.
- If the administrator password is left at the default setting, change it to a password that is less likely to be guessed.
- To reduce the risk of information leakage and unauthorized use due to unauthorized access from outside, assign a private IP address and use the device in a network protected by a firewall.
- Use the IP address filtering function to limit the range of networks that can access the MFP.
Also, for greater security, consider utilizing the user authentication function to restrict the users of the MFP and not allow public users.
Please refer to the user's guide for detailed settings.
We would like to express gratitude to Prof. Dr. Dominik Merli, Mr. Benjamin Kienle and the team of the Institute for innovative Safety and Security (HSA_innos, hsainnos.de) at Augsburg University of Applied Sciences for finding and reporting the vulnerabilities.
If you have any questions or need to apply the countermeasure firmware, please contact the service manager of your device.