A security vulnerability has been identified in UTAX’s MFPs and printers. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.
1. Vulnerability description
Three vulnerabilities have been identified.
- Session Management Defects in Command Center Vulnerability (CVE-2022-41798)
In an environment where the product is accessible through Command Center, this vulnerability allows a user to log in without login authentication by using forged cookies.
- Inadequate Authentication of Command Center (CVE-2022-41807)
In a usage environment where the product is accessible via Command Center, if a client (a malicious attacker's personal computer) issues a request to a server (the product) to change device settings using the Common Gateway Interface (CGI), the configuration changes can be made without logging in to Command Center.
- Cross-site scripting vulnerability in Command Center (CVE-2022-41830)
UTAX is providing firmware that addresses the security vulnerability. This vulnerability is not expected to have any impact unless it is introduced into the customer's network from the outside. Firewalls and other security measures are recommended.
3. Impact on our products
Below you will find an overview of UTAX products that are NOT affected by the security vulnerabilities.