Vulnerability Details : CVE-2021-20870
Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out.
Products affected by CVE-2021-20870
- cpe:2.3:o:konicaminolta:bizhub_c759_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c659_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c658_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c558_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c458_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_958_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_808_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_758_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_658e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_558e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_458e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c287_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c227_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_287_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_227_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_368e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_308e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c368_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c308_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c258_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_558_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_458_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_368_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_308_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c754e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c654e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_754e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_654e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c554e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c454e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c364e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c284e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c224e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_554e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_454e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_364e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_284e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_224e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c754_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c654_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c554_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c454_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c364_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c284_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c224_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_754_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_654_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3851fs_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3851_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3351_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_4752_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_4052_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c750i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c650i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c550i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c450i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c360i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c300i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c250i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_750i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_650i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_550i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_450i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_360i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_300i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c287i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c257i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c227i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_306i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_266i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_226i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c4050i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3350i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c4000i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3300i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3320i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_4750i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_4050i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_4700i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_246i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3850_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3350_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3850fs_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_4750_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_4050_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3110_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:konicaminolta:bizhub_c3100p_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20870
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-20870
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
3.4
|
2.9
|
NIST | |
4.6
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
0.9
|
3.6
|
NIST |
CWE ids for CVE-2021-20870
-
The product does not handle or incorrectly handles an exceptional condition.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-20870
-
https://jvn.jp/vu/JVNVU95192472/index.html
JVNVU#95192472: コニカミノルタ製複合機および印刷システムにおける複数の脆弱性Third Party Advisory;VDB Entry
-
https://www.konicaminolta.com/global/newsroom/topics/2021/1224-01-01.html
Multiple vulnerabilities in Konica Minolta multifunction printers and single-function printers | KONICA MINOLTAMitigation;Vendor Advisory
-
https://jvn.jp/en/vu/JVNVU95192472/index.html
JVNVU#95192472: Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systemsThird Party Advisory;VDB Entry
-
https://www.konicaminolta.jp/business/support/important/211224_01_01.html
コニカミノルタ製複合機・プリンターにおける複数のセキュリティー脆弱性について - 重要なお知らせ | コニカミノルタMitigation;Vendor Advisory
Jump to