CVE-2022-29588 : Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password stora

Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.

Published 2022-05-16 06:15:08

Updated 2022-05-30 00:19:48

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-29588

Konicaminolta » Bizhub C759 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c759_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C759 » Version: N/A
Konicaminolta » Bizhub C659 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c659_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C659 » Version: N/A
Konicaminolta » Bizhub C658 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c658_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C658 » Version: N/A
Konicaminolta » Bizhub C558 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c558_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C558 » Version: N/A
Konicaminolta » Bizhub C458 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c458_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C458 » Version: N/A
Konicaminolta » Bizhub 958 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_958_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 958 » Version: N/A
Konicaminolta » Bizhub 808 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_808_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 808 » Version: N/A
Konicaminolta » Bizhub 758 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_758_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 758 » Version: N/A
Konicaminolta » Bizhub 658e Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_658e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 658e » Version: N/A
Konicaminolta » Bizhub 558e Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_558e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 558e » Version: N/A
Konicaminolta » Bizhub 458e Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_458e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 458e » Version: N/A
Konicaminolta » Bizhub C287 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c287_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C287 » Version: N/A
Konicaminolta » Bizhub C227 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c227_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C227 » Version: N/A
Konicaminolta » Bizhub 287 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_287_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 287 » Version: N/A
Konicaminolta » Bizhub 227 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_227_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 227 » Version: N/A
Konicaminolta » Bizhub 368e Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_368e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 368e » Version: N/A
Konicaminolta » Bizhub 308e Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_308e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 308e » Version: N/A
Konicaminolta » Bizhub C368 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c368_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C368 » Version: N/A
Konicaminolta » Bizhub C308 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c308_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C308 » Version: N/A
Konicaminolta » Bizhub C258 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c258_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C258 » Version: N/A
Konicaminolta » Bizhub 558 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_558_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 558 » Version: N/A
Konicaminolta » Bizhub 458 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_458_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 458 » Version: N/A
Konicaminolta » Bizhub 368 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_368_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 368 » Version: N/A
Konicaminolta » Bizhub 308 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_308_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 308 » Version: N/A
Konicaminolta » Bizhub C3851fs Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c3851fs_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C3851fs » Version: N/A
Konicaminolta » Bizhub C3851 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c3851_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C3851 » Version: N/A
Konicaminolta » Bizhub C3351 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c3351_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C3351 » Version: N/A
Konicaminolta » Bizhub 4752 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_4752_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 4752 » Version: N/A
Konicaminolta » Bizhub 4052 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_4052_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 4052 » Version: N/A
Konicaminolta » Bizhub C650i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c650i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C650i » Version: N/A
Konicaminolta » Bizhub C550i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c550i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C550i » Version: N/A
Konicaminolta » Bizhub C450i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c450i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C450i » Version: N/A
Konicaminolta » Bizhub C360i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c360i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C360i » Version: N/A
Konicaminolta » Bizhub C300i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c300i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C300i » Version: N/A
Konicaminolta » Bizhub C250i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c250i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C250i » Version: N/A
Konicaminolta » Bizhub 306i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_306i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 306i » Version: N/A
Konicaminolta » Bizhub 226i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_226i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 226i » Version: N/A
Konicaminolta » Bizhub C4050i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c4050i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C4050i » Version: N/A
Konicaminolta » Bizhub C3350i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c3350i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C3350i » Version: N/A
Konicaminolta » Bizhub C4000i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c4000i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C4000i » Version: N/A
Konicaminolta » Bizhub C3300i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c3300i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C3300i » Version: N/A
Konicaminolta » Bizhub C3320i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_c3320i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub C3320i » Version: N/A
Konicaminolta » Bizhub 246i Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_246i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 246i » Version: N/A
Konicaminolta » Bizhub 367 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_367_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub 367 » Version: N/A
Konicaminolta » Bizhub Pro958 Firmware
Versions before (<) 2022-04-14
cpe:2.3:o:konicaminolta:bizhub_pro958_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Konicaminolta » Bizhub Pro958 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-29588

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 56 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-29588

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2022-29588

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-29588

http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Terminal-Sandbox-Escape.html

Konica Minolta bizhub MFP Printer Terminal Sandbox Escape ≈ Packet Storm
Third Party Advisory;VDB Entry
https://sec-consult.com/vulnerability-lab/

Vulnerability Lab - SEC Consult
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-29588

Products affected by CVE-2022-29588

Exploit prediction scoring system (EPSS) score for CVE-2022-29588

CVSS scores for CVE-2022-29588

CWE ids for CVE-2022-29588

References for CVE-2022-29588