CVE-2022-29588

Published: May 16, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.

Affected (45)

45 products

Bizhub C250i Firmware

Bizhub C258 Firmware

Bizhub C287 Firmware

Bizhub C300i Firmware

Bizhub C308 Firmware

Bizhub C3300i Firmware

Bizhub C3320i Firmware

Bizhub C3350i Firmware

Bizhub C3351 Firmware

Bizhub C360i Firmware

Bizhub C368 Firmware

Bizhub C3851 Firmware

Bizhub C3851fs Firmware

Bizhub C4000i Firmware

Bizhub C4050i Firmware

Bizhub C450i Firmware

Bizhub C458 Firmware

Bizhub C550i Firmware

Bizhub C558 Firmware

Bizhub C650i Firmware

Bizhub C658 Firmware

Bizhub C659 Firmware

Bizhub C759 Firmware

Bizhub Pro958 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 226i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 226i	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 227 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 227	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 246i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 246i	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 287 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 287	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 306i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 306i	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 308 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 308	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 308e Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 308e	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 367 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 367	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 368 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 368	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 368e Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 368e	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 4052 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 4052	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 458 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 458	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 458e Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 458e	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 4752 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 4752	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 558 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 558	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 558e Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 558e	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 658e Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 658e	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 758 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 758	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 808 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 808	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub 958 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub 958	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C227 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C227	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C250i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C250i	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C258 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C258	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C287 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C287	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C300i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C300i	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C308 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C308	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C3300i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C3300i	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C3320i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C3320i	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C3350i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C3350i	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C3351 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C3351	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C360i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C360i	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C368 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C368	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C3851 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C3851	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C3851fs Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C3851fs	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C4000i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C4000i	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C4050i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C4050i	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C450i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C450i	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C458 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C458	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C550i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C550i	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C558 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C558	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C650i Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C650i	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C658 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C658	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C659 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C659	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub C759 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub C759	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Konicaminolta Bizhub Pro958 Firmware	Before 2022-04-14

Running on/with	Platform Versions
Konicaminolta Bizhub Pro958	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Terminal-Sandbox-Escape.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://sec-consult.com/vulnerability-lab/

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Terminal-Sandbox-Escape.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://sec-consult.com/vulnerability-lab/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.