Topics

Multiple vulnerabilities in Konica Minolta multifunction printers and single-function printers

December 24, 2021

Konica Minolta, Inc.

Dear Customers,

We deeply appreciate your constant patronage to our products.
Five vulnerabilities have been identified in the affected devices. Here, we report the overview of the problems and our measures for the vulnerabilities.

The overview of the vulnerabilities

Note: Below is the result of risk evaluation assuming that MFP is installed in a general office protected by a firewall.

Reference identification number CVSSv3.1 Base Score Vulnerabilities description
CVE-2021-20868 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 4.2 If external server authentication is used, a remote attacker with administrative privileges could steal user credentials by sending specific SOAP messages.
CVE-2021-20869 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 5.3 When using external authentication with an LDAP server, a remote attacker could steal specific authentication information in Administrator settings by sending specific SOAP messages.
CVE-2021-20870 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 4.0 When scan transmission is interrupted by a network error, a physically accessible attacker could steal the scanned image data by removing the HDD before the scan job times out.
CVE-2021-20871 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 5.3 If a scanning destination that requires the registration of authentication information, such as FTP, SMB, or WebDAV, is registered in the address book of a multifunction printer, a remote attacker could steal the registered authentication information by sending a specific SOAP message.
CVE-2021-20872 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 6.4 An attacker could bypass the tamper detection feature of the firmware and install malicious firmware.



Affected Models and supported status of the countermeasure firmware
Color, B&W MFPs (Y: Affected, N: Not affected)

Product name CVE-2021 Affected Version Fixed Version
20868 20869 20870 20871 20872
bizhub C750i Y Y Y Y N G00-35 or earlier G00-E9 or later
bizhub C650i/C550i/C450i Y Y Y Y N G00-B6 or earlier G00-E9 or later
bizhub C360i/C300i/C250i Y Y Y Y N G00-B6 or earlier G00-E9 or later
bizhub 750i/650i/550i/450i Y Y Y Y N G00-37 or earlier G00-E9 or later
bizhub 360i/300i Y Y Y Y N G00-33 or earlier G00-E9 or later
bizhub C287i/C257i/C227i Y Y Y Y N G00-19 or earlier G00-E9 or later
bizhub 306i/266i/246i/226i Y Y Y Y N G00-B6 or earlier G00-E9 or later
bizhub C759/C659 Y Y Y Y Y GC7-X8 or earlier GCA-Y1 or later
bizhub C658/C558/C458
bizhub 958/808/758
bizhub 658e/558e/458e
bizhub C287/C227 Y Y Y Y Y GC7-X8 or earlier GCA-Y0 or later
bizhub 287/227
bizhub 368e/308e Y Y Y Y Y GC7-X8 or earlier GCA-X8 or later
bizhub C368/C308/C258 Y Y Y Y Y GC9-X4 or earlier GCA-X4 or later
bizhub 558/458/368/308
bizhub C754e/C654e Y Y Y Y Y GDQ-M0 or earlier GDR-M0 or later
bizhub 754e/654e
bizhub C554e/C454e Y Y Y Y Y GDQ-M1 or earlier GDR-M1 or later
bizhub C364e/C284e/C224e
bizhub 554e/454e/364e/284e/224e Y Y Y Y Y GDQ-M1 or earlier GDR-M1 or later
bizhub C754/C654, C554/C454 Y Y Y Y Y GR1-M0 or earlier GR4-M0 or later
bizhub C364/C284/C224
bizhub 754/654
bizhub C4050i/C3350i/C4000i/C3300i Y Y Y Y N G00-B6 or earlier G00-E9 or later
bizhub C3320i Y Y Y Y N G00-B6 or earlier G00-E9 or later
bizhub 4750i/4050i Y Y Y Y N G00-22 or earlier G00-E9 or later
bizhub 4700i Y Y Y Y N G00-22 or earlier G00-E9 or later
bizhub C3851FS/C3851/C3351 Y Y Y Y Y GC9-X4 or earlier GCA-X4 or later
bizhub 4752/4052 Y Y Y Y Y GC9-X4 or earlier GCA-X4 or later
bizhub C3850/C3350/3850FS N N Y N N Please see solution (1).
bizhub 4750/4050 N N Y N N Please see solution (1).
bizhub C3110 N N Y N N Please see solution (1).
bizhub C3100P N N Y N N Please see solution (1).

Solution

(1) CVE-2021-20870 can be avoided with the standard HDD/SSD encryption feature. Enabling the setting will require formatting and will erase your data, so it is recommended that you back up your important data in advance.

(2) For problems other than the above, the countermeasure firmware will be applied sequentially, either remotely or during a visit by a field technician.

Mitigations

In order to reduce general security risks, including these vulnerabilities, we recommend that you use our devices under various security settings.

  • If the administrator password is left at the default setting, change it to a password that is less likely to be guessed.
  • In order to reduce the risk of information leakage and unauthorized use due to unauthorized access from outside, please assign a private IP address, use the device in a network protected by a firewall.
  • Use the IP address filtering function to limit the range of networks that can access the MFP.

Also, for greater security, consider utilizing the user authentication function to restrict the users of the MFP and not allow public users.
Please refer to the user's guide for detailed settings.

Related information

JVNVU#95192472 Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems

Acknowledgements

We would like to express gratitude to Prof. Dr. Dominik Merli, Mr. Benjamin Kienle and the team of the Institute for innovative Safety and Security (HSA_innos,hsainnos.de) at Augsburg University of Applied Sciences for finding and reporting the vulnerabilities.

Contact

If you have any questions or need to apply the countermeasure firmware, please contact the service manager of your device.