ID

VAR-202203-1326


CVE

CVE-2022-26320


TITLE

Rambus FIPS Security feature vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202203-1379

DESCRIPTION

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. Rambus FIPS is a portable software encryption toolkit from Rambus that allows IoT device and platform manufacturers to deploy the security they need

Trust: 1.62

sources: NVD: CVE-2022-26320 // CNNVD: CNNVD-202203-1379 // VULHUB: VHN-415478 // VULMON: CVE-2022-26320

AFFECTED PRODUCTS

vendor:fujifilmmodel:apeosport 3560scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c4473scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:docucentre-vii c3372scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:apeos c4570scope:ltversion:1.1.7

Trust: 1.0

vendor:fujifilmmodel:apeosport c3060scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport c3570 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeos c328 dfscope:ltversion:202112062053

Trust: 1.0

vendor:fujifilmmodel:apeosport 3060scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c2273scope:ltversion:1.60.2

Trust: 1.0

vendor:rambusmodel:safezone basic crypto modulescope:ltversion:10.4.0

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c7788scope:ltversion:1.60.1

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c7773scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:docuprint 3508 dscope:ltversion:1.57.5

Trust: 1.0

vendor:fujifilmmodel:apeosport 3560 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii cp4421scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:docucentre-vii c7773scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:apeos c6570 gscope:ltversion:1.1.7

Trust: 1.0

vendor:fujifilmmodel:apeospro c810scope:ltversion:1.1.6

Trust: 1.0

vendor:fujifilmmodel:apeosport 4570 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosprint c325 dwscope:ltversion:202112062117

Trust: 1.0

vendor:fujifilmmodel:apeos c4570 gscope:ltversion:1.1.7

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c5573scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:apeosport 3060 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii p4021scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport c5570scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c3372scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:apeosport 2560scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeos c325 dwscope:ltversion:202112062053

Trust: 1.0

vendor:fujifilmmodel:apeosport c6570scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport print c5570scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:docuprint 3205 dscope:ltversion:1.57.5

Trust: 1.0

vendor:fujifilmmodel:docucentre-vii c5588scope:ltversion:1.60.1

Trust: 1.0

vendor:fujifilmmodel:apeos c7070scope:ltversion:1.1.7

Trust: 1.0

vendor:fujifilmmodel:apeosport c2560scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c4421scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeos c328 dwscope:ltversion:202112062053

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c6688scope:ltversion:1.60.1

Trust: 1.0

vendor:fujifilmmodel:docuprint 3208 dscope:ltversion:1.57.5

Trust: 1.0

vendor:fujifilmmodel:apeosport c4570scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport 4570scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport c5570 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c6773scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:apeosport c2560 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeos c3070scope:ltversion:1.1.7

Trust: 1.0

vendor:fujifilmmodel:apeos c3070 gscope:ltversion:1.1.7

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii 4021scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport c7070 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:docucentre-vii c6673scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:apeosport c7070scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport c4570 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:docuprint c3555 dscope:ltversion:1.57.6

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii 5021scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport 5570scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport c3070scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport c6570 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeos c325 zscope:ltversion:202112062053

Trust: 1.0

vendor:fujifilmmodel:apeosport 5570 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosprint c328 dwscope:ltversion:202112062117

Trust: 1.0

vendor:fujifilmmodel:apeosprint c328scope:ltversion:202112062117

Trust: 1.0

vendor:fujifilmmodel:primelink c9065scope:ltversion:1.145.1

Trust: 1.0

vendor:fujifilmmodel:apeosport c2060 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c5588scope:ltversion:1.60.1

Trust: 1.0

vendor:fujifilmmodel:apeosport c2060scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:primelink c9070scope:ltversion:1.145.1

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c3321scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeospro c750scope:ltversion:1.1.6

Trust: 1.0

vendor:fujifilmmodel:apeosport-vii c3373scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:apeospro c650scope:ltversion:1.1.6

Trust: 1.0

vendor:fujifilmmodel:apeosport c3070 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:docuprint c2555 dscope:ltversion:1.57.6

Trust: 1.0

vendor:fujifilmmodel:docucentre-vii c2273scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:docucentre-vii c3373scope:ltversion:1.60.2

Trust: 1.0

vendor:canonmodel:imagerunnerscope:lteversion:2020-03-14

Trust: 1.0

vendor:fujifilmmodel:apeos c5570scope:ltversion:1.1.7

Trust: 1.0

vendor:fujifilmmodel:apeos c8180scope:ltversion:1.1.6

Trust: 1.0

vendor:fujifilmmodel:docuprint 4405 dscope:ltversion:1.57.5

Trust: 1.0

vendor:fujifilmmodel:docuprint 4408 dscope:ltversion:1.57.5

Trust: 1.0

vendor:fujifilmmodel:docucentre-vii c7788scope:ltversion:1.60.1

Trust: 1.0

vendor:fujifilmmodel:apeos c7070 gscope:ltversion:1.1.7

Trust: 1.0

vendor:canonmodel:imageprografscope:ltversion:2020-03-14

Trust: 1.0

vendor:rambusmodel:safezone basic crypto modulescope:gteversion:9.3.0

Trust: 1.0

vendor:fujifilmmodel:apeos c5570 gscope:ltversion:1.1.7

Trust: 1.0

vendor:fujifilmmodel:apeos c7580scope:ltversion:1.1.6

Trust: 1.0

vendor:fujifilmmodel:docucentre-vii c5573scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:docucentre-vii c6688scope:ltversion:1.60.1

Trust: 1.0

vendor:fujifilmmodel:apeosport 2560 gscope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:docuprint 3505 dscope:ltversion:1.57.5

Trust: 1.0

vendor:fujifilmmodel:apeosport c3570scope:ltversion:1.60.9

Trust: 1.0

vendor:fujifilmmodel:apeos c6580scope:ltversion:1.1.6

Trust: 1.0

vendor:fujifilmmodel:apeos c6570scope:ltversion:1.1.7

Trust: 1.0

vendor:fujifilmmodel:docucentre-vii c4473scope:ltversion:1.60.2

Trust: 1.0

vendor:fujifilmmodel:apeos c3570scope:ltversion:1.1.7

Trust: 1.0

vendor:fujifilmmodel:apeos c3570 gscope:ltversion:1.1.7

Trust: 1.0

sources: NVD: CVE-2022-26320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26320
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202203-1379
value: CRITICAL

Trust: 0.6

VULHUB: VHN-415478
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-26320
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-26320
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-415478
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-26320
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-415478 // VULMON: CVE-2022-26320 // CNNVD: CNNVD-202203-1379 // NVD: CVE-2022-26320

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.1

sources: VULHUB: VHN-415478 // NVD: CVE-2022-26320

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-1379

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202203-1379

PATCH

title: - url:https://github.com/google/paranoid_crypto

Trust: 0.1

sources: VULMON: CVE-2022-26320

EXTERNAL IDS

db:NVDid:CVE-2022-26320

Trust: 1.8

db:CNNVDid:CNNVD-202203-1379

Trust: 0.7

db:VULHUBid:VHN-415478

Trust: 0.1

db:VULMONid:CVE-2022-26320

Trust: 0.1

sources: VULHUB: VHN-415478 // VULMON: CVE-2022-26320 // CNNVD: CNNVD-202203-1379 // NVD: CVE-2022-26320

REFERENCES

url:https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html

Trust: 1.8

url:https://fermatattack.secvuln.info

Trust: 1.8

url:https://global.canon/en/support/security/index.html

Trust: 1.8

url:https://safezoneswupdate.com

Trust: 1.8

url:https://www.rambus.com/security/response-center/advisories/rmbs-2021-01/

Trust: 1.0

url:https://web.archive.org/web/20220922042721/https://safezoneswupdate.com/

Trust: 1.0

url:https://cxsecurity.com/cveshow/cve-2022-26320/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/330.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/google/paranoid_crypto

Trust: 0.1

sources: VULHUB: VHN-415478 // VULMON: CVE-2022-26320 // CNNVD: CNNVD-202203-1379 // NVD: CVE-2022-26320

SOURCES

db:VULHUBid:VHN-415478
db:VULMONid:CVE-2022-26320
db:CNNVDid:CNNVD-202203-1379
db:NVDid:CVE-2022-26320

LAST UPDATE DATE

2024-11-23T22:36:52.390000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-415478date:2022-03-23T00:00:00
db:VULMONid:CVE-2022-26320date:2022-03-23T00:00:00
db:CNNVDid:CNNVD-202203-1379date:2022-03-24T00:00:00
db:NVDid:CVE-2022-26320date:2024-11-21T06:53:44.970

SOURCES RELEASE DATE

db:VULHUBid:VHN-415478date:2022-03-14T00:00:00
db:VULMONid:CVE-2022-26320date:2022-03-14T00:00:00
db:CNNVDid:CNNVD-202203-1379date:2022-03-14T00:00:00
db:NVDid:CVE-2022-26320date:2022-03-14T18:15:08.123