CVE-2022-26320 Information
Jun 07, 2022
cve
Description
The Rambus SafeZone Basic Crypto Module before 10.4.0 as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01 Canon imagePROGRAF and imageRUNNER devices through 2022-03-14 and potentially many other devices generates RSA keys that can be broken with Fermat’s factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Reference
https://fermatattack.secvuln.info https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_rsakey_announce.html https://safezoneswupdate.com https://global.canon/en/support/security/index.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
NONE
Base Severity
9.1
Share on: