Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-26320

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

Published

2022-03-14T18:15:08.123

Last Modified

2024-11-21T06:53:44.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-330

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rambus	safezone_basic_crypto_module	< 10.4.0	Yes
Operating System	fujifilm	apeos_c7070_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c7070	-	No
Operating System	fujifilm	apeos_c6570_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c6570	-	No
Operating System	fujifilm	apeos_c5570_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c5570	-	No
Operating System	fujifilm	apeos_c4570_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c4570	-	No
Operating System	fujifilm	apeos_c3570_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c3570	-	No
Operating System	fujifilm	apeos_c3070_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c3070	-	No
Operating System	fujifilm	apeos_c7070_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c7070_g	-	No
Operating System	fujifilm	apeos_c6570_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c6570_g	-	No
Operating System	fujifilm	apeos_c5570_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c5570_g	-	No
Operating System	fujifilm	apeos_c4570_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c4570_g	-	No
Operating System	fujifilm	apeos_c3570_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c3570_g	-	No
Operating System	fujifilm	apeos_c3070_g_firmware	< 1.1.7	Yes
Hardware	fujifilm	apeos_c3070_g	-	No
Operating System	fujifilm	apeos_c328_df_firmware	< 202112062053	Yes
Hardware	fujifilm	apeos_c328_df	-	No
Operating System	fujifilm	apeos_c328_dw_firmware	< 202112062053	Yes
Hardware	fujifilm	apeos_c328_dw	-	No
Operating System	fujifilm	apeos_c325_dw_firmware	< 202112062053	Yes
Hardware	fujifilm	apeos_c325_dw	-	No
Operating System	fujifilm	apeos_c325_z_firmware	< 202112062053	Yes
Hardware	fujifilm	apeos_c325_z	-	No
Operating System	fujifilm	apeos_c8180_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeos_c8180	-	No
Operating System	fujifilm	apeos_c7580_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeos_c7580	-	No
Operating System	fujifilm	apeos_c6580_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeos_c6580	-	No
Operating System	fujifilm	apeosport_3560_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_3560	-	No
Operating System	fujifilm	apeosport_3060_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_3060	-	No
Operating System	fujifilm	apeosport_2560_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_2560	-	No
Operating System	fujifilm	apeosport_3560_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_3560_g	-	No
Operating System	fujifilm	apeosport_3060_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_3060_g	-	No
Operating System	fujifilm	apeosport_2560_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_2560_g	-	No
Operating System	fujifilm	apeosport_4570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_4570_g	-	No
Operating System	fujifilm	apeosport_5570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_5570_g	-	No
Operating System	fujifilm	apeosport_4570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_4570	-	No
Operating System	fujifilm	apeosport_5570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_5570	-	No
Operating System	fujifilm	apeosport_c3060_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3060	-	No
Operating System	fujifilm	apeosport_c2560_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c2560	-	No
Operating System	fujifilm	apeosport_c2060_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c2060	-	No
Operating System	fujifilm	apeosport_c3060_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3060	-	No
Operating System	fujifilm	apeosport_c2560_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c2560_g	-	No
Operating System	fujifilm	apeosport_c2060_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c2060_g	-	No
Operating System	fujifilm	apeosport_c7070_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c7070	-	No
Operating System	fujifilm	apeosport_c4570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c4570	-	No
Operating System	fujifilm	apeosport_c3570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3570	-	No
Operating System	fujifilm	apeosport_c3070_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3070	-	No
Operating System	fujifilm	apeosport_c6570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c6570	-	No
Operating System	fujifilm	apeosport_c5570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c5570	-	No
Operating System	fujifilm	apeosport_c7070_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c7070_g	-	No
Operating System	fujifilm	apeosport_c4570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c4570_g	-	No
Operating System	fujifilm	apeosport_c3570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3570_g	-	No
Operating System	fujifilm	apeosport_c3070_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c3070_g	-	No
Operating System	fujifilm	apeosport_c6570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c6570_g	-	No
Operating System	fujifilm	apeosport_c5570_g_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_c5570_g	-	No
Operating System	fujifilm	apeosport_print_c5570_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport_print_c5570	-	No
Operating System	fujifilm	apeosport-vii_5021_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_5021	-	No
Operating System	fujifilm	apeosport-vii_p4021_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_p4021	-	No
Operating System	fujifilm	apeosport-vii_4021_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_4021	-	No
Operating System	fujifilm	apeosport-vii_cp4421_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_cp4421	-	No
Operating System	fujifilm	apeosport-vii_c4421_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_c4421	-	No
Operating System	fujifilm	apeosport-vii_c3321_firmware	< 1.60.9	Yes
Hardware	fujifilm	apeosport-vii_c3321	-	No
Operating System	fujifilm	apeosport-vii_c7773_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c7773	-	No
Operating System	fujifilm	apeosport-vii_c6773_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c6773	-	No
Operating System	fujifilm	apeosport-vii_c5573_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c5573	-	No
Operating System	fujifilm	apeosport-vii_c4473_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c4473	-	No
Operating System	fujifilm	apeosport-vii_c3373_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c3373	-	No
Operating System	fujifilm	apeosport-vii_c3372_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c3372	-	No
Operating System	fujifilm	apeosport-vii_c2273_firmware	< 1.60.2	Yes
Hardware	fujifilm	apeosport-vii_c2273	-	No
Operating System	fujifilm	apeosport-vii_c7788_firmware	< 1.60.1	Yes
Hardware	fujifilm	apeosport-vii_c7788	-	No
Operating System	fujifilm	apeosport-vii_c6688_firmware	< 1.60.1	Yes
Hardware	fujifilm	apeosport-vii_c6688	-	No
Operating System	fujifilm	apeosport-vii_c5588_firmware	< 1.60.1	Yes
Hardware	fujifilm	apeosport-vii_c5588	-	No
Operating System	fujifilm	apeospro_c810_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeospro_c810	-	No
Operating System	fujifilm	apeospro_c750_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeospro_c750	-	No
Operating System	fujifilm	apeospro_c650_firmware	< 1.1.6	Yes
Hardware	fujifilm	apeospro_c650	-	No
Operating System	fujifilm	apeosprint_c328_firmware	< 202112062117	Yes
Hardware	fujifilm	apeosprint_c328	-	No
Operating System	fujifilm	apeosprint_c328_dw_firmware	< 202112062117	Yes
Hardware	fujifilm	apeosprint_c328_dw	-	No
Operating System	fujifilm	apeosprint_c325_dw_firmware	< 202112062117	Yes
Hardware	fujifilm	apeosprint_c325_dw	-	No
Operating System	fujifilm	docucentre-vii_c7773_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c7773	-	No
Operating System	fujifilm	docucentre-vii_c6673_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c6673	-	No
Operating System	fujifilm	docucentre-vii_c5573_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c5573	-	No
Operating System	fujifilm	docucentre-vii_c4473_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c4473	-	No
Operating System	fujifilm	docucentre-vii_c3373_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c3373	-	No
Operating System	fujifilm	docucentre-vii_c3372_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c3372	-	No
Operating System	fujifilm	docucentre-vii_c2273_firmware	< 1.60.2	Yes
Hardware	fujifilm	docucentre-vii_c2273	-	No
Operating System	fujifilm	docucentre-vii_c7788_firmware	< 1.60.1	Yes
Hardware	fujifilm	docucentre-vii_c7788	-	No
Operating System	fujifilm	docucentre-vii_c6688_firmware	< 1.60.1	Yes
Hardware	fujifilm	docucentre-vii_c6688	-	No
Operating System	fujifilm	docucentre-vii_c5588_firmware	< 1.60.1	Yes
Hardware	fujifilm	docucentre-vii_c5588	-	No
Operating System	fujifilm	docuprint_4405_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_4405_d	-	No
Operating System	fujifilm	docuprint_4408_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_4408_d	-	No
Operating System	fujifilm	docuprint_3505_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_3505_d	-	No
Operating System	fujifilm	docuprint_3508_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_3508_d	-	No
Operating System	fujifilm	docuprint_3205_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_3205_d	-	No
Operating System	fujifilm	docuprint_3208_d_firmware	< 1.57.5	Yes
Hardware	fujifilm	docuprint_3208_d	-	No
Operating System	fujifilm	docuprint_c3555_d_firmware	< 1.57.6	Yes
Hardware	fujifilm	docuprint_c3555_d	-	No
Operating System	fujifilm	docuprint_c2555_d_firmware	< 1.57.6	Yes
Hardware	fujifilm	docuprint_c2555_d	-	No
Operating System	fujifilm	primelink_c9070_firmware	< 1.145.1	Yes
Hardware	fujifilm	primelink_c9070	-	No
Operating System	fujifilm	primelink_c9065_firmware	< 1.145.1	Yes
Hardware	fujifilm	primelink_c9065	-	No
Operating System	canon	imagerunner_firmware	≤ 2020-03-14	Yes
Operating System	canon	imageprograf_firmware	< 2020-03-14	Yes

References

https://fermatattack.secvuln.info Third Party Advisory ([email protected])
https://global.canon/en/support/security/index.html Third Party Advisory ([email protected])
https://web.archive.org/web/20220922042721/https://safezoneswupdate.com/ ([email protected])
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html Mitigation, Third Party Advisory ([email protected])
https://www.rambus.com/security/response-center/advisories/rmbs-2021-01/ ([email protected])
https://fermatattack.secvuln.info Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://global.canon/en/support/security/index.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://safezoneswupdate.com (af854a3a-2127-422b-91ae-364da2661108)
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)