Cyber Resilience

CVE-2022-26320

Critical

Published: 14 March 2022

Modified: 21 November 2024
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0038 (60.0th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-26320 is a critical-severity Use of Insufficiently Random Values (CWE-330) vulnerability in Fujifilm Apeosport C3060 Firmware. Its CVSS base score is 9.1 (Critical).

Operationally, it ranks in the top 40.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

Vulnerability details

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

| Vendor | Product | Affected versions |
|---|---|---|
| rambus | safezone basic crypto module | 9.3.0 — 10.4.0 |
| fujifilm | apeos c7070 firmware | ≤ 1.1.7 |
| fujifilm | apeos c6570 firmware | ≤ 1.1.7 |
| fujifilm | apeos c5570 firmware | ≤ 1.1.7 |
| fujifilm | apeos c4570 firmware | ≤ 1.1.7 |
| fujifilm | apeos c3570 firmware | ≤ 1.1.7 |
| fujifilm | apeos c3070 firmware | ≤ 1.1.7 |
| fujifilm | apeos c7070 g firmware | ≤ 1.1.7 |
| fujifilm | apeos c6570 g firmware | ≤ 1.1.7 |
| fujifilm | apeos c5570 g firmware | ≤ 1.1.7 |

+82 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-330

Key generation under controlled management uses approved random-bit sources rather than insufficiently random values.
