Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-26320

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

Security Impact Summary

This vulnerability carries a CRITICAL severity rating with a CVSS v3.1 score of 9.1, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), for affected systems. Impacting 181 products from rambus, from fujifilm, from fujifilm and 178 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2022-03-14T18:15:08.123

Last Modified

2024-11-21T06:53:44.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-330

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rambus	safezone_basic_crypto_module	< 10.4.0	Yes
Operating System	fujifilm	apeos_c7070_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c7070	-	No
Operating System	fujifilm	apeos_c6570_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c6570	-	No
Operating System	fujifilm	apeos_c5570_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c5570	-	No
Operating System	fujifilm	apeos_c4570_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c4570	-	No
Operating System	fujifilm	apeos_c3570_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c3570	-	No
Operating System	fujifilm	apeos_c3070_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c3070	-	No
Operating System	fujifilm	apeos_c7070_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c7070_g	-	No
Operating System	fujifilm	apeos_c6570_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c6570_g	-	No
Operating System	fujifilm	apeos_c5570_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c5570_g	-	No
Operating System	fujifilm	apeos_c4570_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c4570_g	-	No
Operating System	fujifilm	apeos_c3570_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c3570_g	-	No
Operating System	fujifilm	apeos_c3070_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c3070_g	-	No
Operating System	fujifilm	apeos_c328_df_firmware	< 202112062053	Yes
Hardware	fujifilm	apeos_c328_df	-	No
Operating System	fujifilm	apeos_c328_dw_firmware	< 202112062053	Yes
Hardware	fujifilm	apeos_c328_dw	-	No
Operating System	fujifilm	apeos_c325_dw_firmware	< 202112062053	Yes
Hardware	fujifilm	apeos_c325_dw	-	No
Operating System	fujifilm	apeos_c325_z_firmware	< 202112062053	Yes
Hardware	fujifilm	apeos_c325_z	-	No
Operating System	fujifilm	apeos_c8180_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeos_c8180	-	No
Operating System	fujifilm	apeos_c7580_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeos_c7580	-	No
Operating System	fujifilm	apeos_c6580_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeos_c6580	-	No
Operating System	fujifilm	apeosport_3560_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_3560	-	No
Operating System	fujifilm	apeosport_3060_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_3060	-	No
Operating System	fujifilm	apeosport_2560_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_2560	-	No
Operating System	fujifilm	apeosport_3560_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_3560_g	-	No
Operating System	fujifilm	apeosport_3060_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_3060_g	-	No
Operating System	fujifilm	apeosport_2560_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_2560_g	-	No
Operating System	fujifilm	apeosport_4570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_4570_g	-	No
Operating System	fujifilm	apeosport_5570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_5570_g	-	No
Operating System	fujifilm	apeosport_4570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_4570	-	No
Operating System	fujifilm	apeosport_5570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_5570	-	No
Operating System	fujifilm	apeosport_c3060_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3060	-	No
Operating System	fujifilm	apeosport_c2560_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c2560	-	No
Operating System	fujifilm	apeosport_c2060_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c2060	-	No
Operating System	fujifilm	apeosport_c3060_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3060	-	No
Operating System	fujifilm	apeosport_c2560_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c2560_g	-	No
Operating System	fujifilm	apeosport_c2060_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c2060_g	-	No
Operating System	fujifilm	apeosport_c7070_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c7070	-	No
Operating System	fujifilm	apeosport_c4570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c4570	-	No
Operating System	fujifilm	apeosport_c3570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3570	-	No
Operating System	fujifilm	apeosport_c3070_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3070	-	No
Operating System	fujifilm	apeosport_c6570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c6570	-	No
Operating System	fujifilm	apeosport_c5570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c5570	-	No
Operating System	fujifilm	apeosport_c7070_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c7070_g	-	No
Operating System	fujifilm	apeosport_c4570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c4570_g	-	No
Operating System	fujifilm	apeosport_c3570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3570_g	-	No
Operating System	fujifilm	apeosport_c3070_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3070_g	-	No
Operating System	fujifilm	apeosport_c6570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c6570_g	-	No
Operating System	fujifilm	apeosport_c5570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c5570_g	-	No
Operating System	fujifilm	apeosport_print_c5570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_print_c5570	-	No
Operating System	fujifilm	apeosport-vii_5021_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_5021	-	No
Operating System	fujifilm	apeosport-vii_p4021_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_p4021	-	No
Operating System	fujifilm	apeosport-vii_4021_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_4021	-	No
Operating System	fujifilm	apeosport-vii_cp4421_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_cp4421	-	No
Operating System	fujifilm	apeosport-vii_c4421_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_c4421	-	No
Operating System	fujifilm	apeosport-vii_c3321_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_c3321	-	No
Operating System	fujifilm	apeosport-vii_c7773_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c7773	-	No
Operating System	fujifilm	apeosport-vii_c6773_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c6773	-	No
Operating System	fujifilm	apeosport-vii_c5573_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c5573	-	No
Operating System	fujifilm	apeosport-vii_c4473_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c4473	-	No
Operating System	fujifilm	apeosport-vii_c3373_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c3373	-	No
Operating System	fujifilm	apeosport-vii_c3372_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c3372	-	No
Operating System	fujifilm	apeosport-vii_c2273_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c2273	-	No
Operating System	fujifilm	apeosport-vii_c7788_firmware	< 1.60.1	Yes
Hardware	fujifilm	apeosport-vii_c7788	-	No
Operating System	fujifilm	apeosport-vii_c6688_firmware	< 1.60.1	Yes
Hardware	fujifilm	apeosport-vii_c6688	-	No
Operating System	fujifilm	apeosport-vii_c5588_firmware	< 1.60.1	Yes
Hardware	fujifilm	apeosport-vii_c5588	-	No
Operating System	fujifilm	apeospro_c810_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeospro_c810	-	No
Operating System	fujifilm	apeospro_c750_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeospro_c750	-	No
Operating System	fujifilm	apeospro_c650_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeospro_c650	-	No
Operating System	fujifilm	apeosprint_c328_firmware	< 202112062117	Yes
Hardware	fujifilm	apeosprint_c328	-	No
Operating System	fujifilm	apeosprint_c328_dw_firmware	< 202112062117	Yes
Hardware	fujifilm	apeosprint_c328_dw	-	No
Operating System	fujifilm	apeosprint_c325_dw_firmware	< 202112062117	Yes
Hardware	fujifilm	apeosprint_c325_dw	-	No
Operating System	fujifilm	docucentre-vii_c7773_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c7773	-	No
Operating System	fujifilm	docucentre-vii_c6673_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c6673	-	No
Operating System	fujifilm	docucentre-vii_c5573_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c5573	-	No
Operating System	fujifilm	docucentre-vii_c4473_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c4473	-	No
Operating System	fujifilm	docucentre-vii_c3373_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c3373	-	No
Operating System	fujifilm	docucentre-vii_c3372_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c3372	-	No
Operating System	fujifilm	docucentre-vii_c2273_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c2273	-	No
Operating System	fujifilm	docucentre-vii_c7788_firmware	< 1.60.1	Yes
Hardware	fujifilm	docucentre-vii_c7788	-	No
Operating System	fujifilm	docucentre-vii_c6688_firmware	< 1.60.1	Yes
Hardware	fujifilm	docucentre-vii_c6688	-	No
Operating System	fujifilm	docucentre-vii_c5588_firmware	< 1.60.1	Yes
Hardware	fujifilm	docucentre-vii_c5588	-	No
Operating System	fujifilm	docuprint_4405_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_4405_d	-	No
Operating System	fujifilm	docuprint_4408_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_4408_d	-	No
Operating System	fujifilm	docuprint_3505_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_3505_d	-	No
Operating System	fujifilm	docuprint_3508_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_3508_d	-	No
Operating System	fujifilm	docuprint_3205_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_3205_d	-	No
Operating System	fujifilm	docuprint_3208_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_3208_d	-	No
Operating System	fujifilm	docuprint_c3555_d_firmware	< 1.57.6	Yes
Hardware	fujifilm	docuprint_c3555_d	-	No
Operating System	fujifilm	docuprint_c2555_d_firmware	< 1.57.6	Yes
Hardware	fujifilm	docuprint_c2555_d	-	No
Operating System	fujifilm	primelink_c9070_firmware	< 1.145.1	Yes
Hardware	fujifilm	primelink_c9070	-	No
Operating System	fujifilm	primelink_c9065_firmware	< 1.145.1	Yes
Hardware	fujifilm	primelink_c9065	-	No
Operating System	canon	imagerunner_firmware	≤ 2020-03-14	Yes
Operating System	canon	imageprograf_firmware	< 2020-03-14	Yes

References

https://fermatattack.secvuln.info Third Party Advisory ([email protected])
https://global.canon/en/support/security/index.html Third Party Advisory ([email protected])
https://web.archive.org/web/20220922042721/https://safezoneswupdate.com/ ([email protected])
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html Mitigation, Third Party Advisory ([email protected])
https://www.rambus.com/security/response-center/advisories/rmbs-2021-01/ ([email protected])
https://fermatattack.secvuln.info Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://global.canon/en/support/security/index.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://safezoneswupdate.com (af854a3a-2127-422b-91ae-364da2661108)
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For rambus's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.