Denial of service in FUJIFILM products

Published: 2023-07-03

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2023-29984
CWE-ID	CWE-476
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	DocuPrint P115 w Hardware solutions / Office equipment, IP-phones, print servers DocuPrint P118 w Hardware solutions / Office equipment, IP-phones, print servers DocuPrint M115 w Hardware solutions / Office equipment, IP-phones, print servers DocuPrint M115 fw Hardware solutions / Office equipment, IP-phones, print servers DocuPrint M115 z Hardware solutions / Office equipment, IP-phones, print servers DocuPrint M118 w Hardware solutions / Office equipment, IP-phones, print servers DocuPrint M118 z Hardware solutions / Office equipment, IP-phones, print servers DocuPrint P225 d Hardware solutions / Office equipment, IP-phones, print servers DocuPrint P268 d Hardware solutions / Office equipment, IP-phones, print servers DocuPrint P268 dw Hardware solutions / Office equipment, IP-phones, print servers DocuPrint P265 dw Hardware solutions / Office equipment, IP-phones, print servers DocuPrint M268 dw Hardware solutions / Office equipment, IP-phones, print servers DocuPrint M225 dw Hardware solutions / Office equipment, IP-phones, print servers DocuPrint M225 z Hardware solutions / Office equipment, IP-phones, print servers DocuPrint M268 z Hardware solutions / Office equipment, IP-phones, print servers DocuPrint M265 z Hardware solutions / Office equipment, IP-phones, print servers
Vendor	FUJIFILM Business Innovation

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU77850

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-29984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Web Based Management. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

DocuPrint P115 w: All versions

DocuPrint P118 w: All versions

DocuPrint M115 w: All versions

DocuPrint M115 fw: All versions

DocuPrint M115 z: All versions

DocuPrint M118 w: All versions

DocuPrint M118 z: All versions

DocuPrint P225 d: All versions

DocuPrint P268 d: All versions

DocuPrint P268 dw: All versions

DocuPrint P265 dw: All versions

DocuPrint M268 dw: All versions

DocuPrint M225 dw: All versions

DocuPrint M225 z: All versions

DocuPrint M268 z: All versions

DocuPrint M265 z: All versions

CPE2.3

External links

https://jvn.jp/en/vu/JVNVU93767756/index.html
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/browser_announce.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.