CVE-2023-46327
Summary
Multifunction printers (MFPs) from FUJIFILM Business Innovation Corp. and Xerox Corporation allow the Address Book contents to be exported with insufficient encryption. An attacker who knows the encryption process and key can recover sensitive information, such as server credentials, from the exported data.
IFF Assessment
This vulnerability is a 'foe' for defenders because it allows the potential exfiltration of sensitive credentials, increasing the risk of further network compromise.
Severity
Defender Context
Defenders should prioritize patching or mitigating this vulnerability on affected FUJIFILM and Xerox MFPs. Unauthorized access to address books could lead to the exposure of network credentials, enabling attackers to move laterally within an organization. Implementing stricter access controls and regularly auditing device configurations are crucial countermeasures.