6.8
MEDIUM
CVE-2021-20872
KONICA MINOLTA bizhub series Firmware Integrity Verification Bypass Vulnerability
Description

Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier) allows a physical attacker to bypass the firmware integrity verification and to install malicious firmware.

INFO

Published Date :

Jan. 4, 2022, 4:15 a.m.

Last Modified :

Jan. 13, 2022, 1:33 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

0.9
Affected Products

The following products are affected by CVE-2021-20872 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Konicaminolta bizhub_c759_firmware
2 Konicaminolta bizhub_c659_firmware
3 Konicaminolta bizhub_c658_firmware
4 Konicaminolta bizhub_c558_firmware
5 Konicaminolta bizhub_c458_firmware
6 Konicaminolta bizhub_958_firmware
7 Konicaminolta bizhub_808_firmware
8 Konicaminolta bizhub_758_firmware
9 Konicaminolta bizhub_658e_firmware
10 Konicaminolta bizhub_558e_firmware
11 Konicaminolta bizhub_458e_firmware
12 Konicaminolta bizhub_c287_firmware
13 Konicaminolta bizhub_c227_firmware
14 Konicaminolta bizhub_287_firmware
15 Konicaminolta bizhub_227_firmware
16 Konicaminolta bizhub_368e_firmware
17 Konicaminolta bizhub_308e_firmware
18 Konicaminolta bizhub_c368_firmware
19 Konicaminolta bizhub_c308_firmware
20 Konicaminolta bizhub_c258_firmware
21 Konicaminolta bizhub_558_firmware
22 Konicaminolta bizhub_458_firmware
23 Konicaminolta bizhub_368_firmware
24 Konicaminolta bizhub_308_firmware
25 Konicaminolta bizhub_c754e_firmware
26 Konicaminolta bizhub_c654e_firmware
27 Konicaminolta bizhub_754e_firmware
28 Konicaminolta bizhub_654e_firmware
29 Konicaminolta bizhub_c554e_firmware
30 Konicaminolta bizhub_c454e_firmware
31 Konicaminolta bizhub_c364e_firmware
32 Konicaminolta bizhub_c284e_firmware
33 Konicaminolta bizhub_c224e_firmware
34 Konicaminolta bizhub_554e_firmware
35 Konicaminolta bizhub_454e_firmware
36 Konicaminolta bizhub_364e_firmware
37 Konicaminolta bizhub_284e_firmware
38 Konicaminolta bizhub_224e_firmware
39 Konicaminolta bizhub_c754_firmware
40 Konicaminolta bizhub_c654_firmware
41 Konicaminolta bizhub_c554_firmware
42 Konicaminolta bizhub_c454_firmware
43 Konicaminolta bizhub_c364_firmware
44 Konicaminolta bizhub_c284_firmware
45 Konicaminolta bizhub_c224_firmware
46 Konicaminolta bizhub_754_firmware
47 Konicaminolta bizhub_654_firmware
48 Konicaminolta bizhub_c3851fs_firmware
49 Konicaminolta bizhub_c3851_firmware
50 Konicaminolta bizhub_c3351_firmware
51 Konicaminolta bizhub_4752_firmware
52 Konicaminolta bizhub_4052_firmware
: Total Affected Vendor : 1 | Products : 52
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-20872.

URL Resource
https://jvn.jp/en/vu/JVNVU95192472/index.html Third Party Advisory VDB Entry
https://jvn.jp/vu/JVNVU95192472/index.html Third Party Advisory VDB Entry
https://www.konicaminolta.com/global/newsroom/topics/2021/1224-01-01.html Mitigation Vendor Advisory
https://www.konicaminolta.jp/business/support/important/211224_01_01.html Mitigation Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-20872 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-20872 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jan. 13, 2022

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://jvn.jp/en/vu/JVNVU95192472/index.html No Types Assigned https://jvn.jp/en/vu/JVNVU95192472/index.html Third Party Advisory, VDB Entry
    Changed Reference Type https://jvn.jp/vu/JVNVU95192472/index.html No Types Assigned https://jvn.jp/vu/JVNVU95192472/index.html Third Party Advisory, VDB Entry
    Changed Reference Type https://www.konicaminolta.com/global/newsroom/topics/2021/1224-01-01.html No Types Assigned https://www.konicaminolta.com/global/newsroom/topics/2021/1224-01-01.html Mitigation, Vendor Advisory
    Changed Reference Type https://www.konicaminolta.jp/business/support/important/211224_01_01.html No Types Assigned https://www.konicaminolta.jp/business/support/important/211224_01_01.html Mitigation, Vendor Advisory
    Added CWE NIST NVD-CWE-Other
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c759_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_c759:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c659_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_c659:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c658_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_c658:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c558_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_c558:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c458_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_c458:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_958_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_958:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_808_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_808:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_758_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_758:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_658e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_658e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_558e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_558e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_458e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y1 OR cpe:2.3:h:konicaminolta:bizhub_458e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c287_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y0 OR cpe:2.3:h:konicaminolta:bizhub_c287:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c227_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y0 OR cpe:2.3:h:konicaminolta:bizhub_c227:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_287_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y0 OR cpe:2.3:h:konicaminolta:bizhub_287:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_227_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-y0 OR cpe:2.3:h:konicaminolta:bizhub_227:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_368e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x8 OR cpe:2.3:h:konicaminolta:bizhub_368e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_308e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x8 OR cpe:2.3:h:konicaminolta:bizhub_308e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c368_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_c368:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c308_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_c308:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c258_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_c258:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_558_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_558:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_458_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_458:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_368_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_368:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_308_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_308:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c754e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m0 OR cpe:2.3:h:konicaminolta:bizhub_c754e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c654e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m0 OR cpe:2.3:h:konicaminolta:bizhub_c654e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_754e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m0 OR cpe:2.3:h:konicaminolta:bizhub_754e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_654e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m0 OR cpe:2.3:h:konicaminolta:bizhub_654e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c554e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m1 OR cpe:2.3:h:konicaminolta:bizhub_c554e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c454e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m1 OR cpe:2.3:h:konicaminolta:bizhub_c454e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c364e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m1 OR cpe:2.3:h:konicaminolta:bizhub_c364e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c284e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m1 OR cpe:2.3:h:konicaminolta:bizhub_c284e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c224e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m1 OR cpe:2.3:h:konicaminolta:bizhub_c224e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_554e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m1 OR cpe:2.3:h:konicaminolta:bizhub_554e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_454e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m1 OR cpe:2.3:h:konicaminolta:bizhub_454e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_364e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m1 OR cpe:2.3:h:konicaminolta:bizhub_364e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_284e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m1 OR cpe:2.3:h:konicaminolta:bizhub_284e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_224e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gdr-m1 OR cpe:2.3:h:konicaminolta:bizhub_224e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c754_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gr4-m0 OR cpe:2.3:h:konicaminolta:bizhub_c754:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c654_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gr4-m0 OR cpe:2.3:h:konicaminolta:bizhub_c654:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c554_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gr4-m0 OR cpe:2.3:h:konicaminolta:bizhub_c554:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c454_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gr4-m0 OR cpe:2.3:h:konicaminolta:bizhub_c454:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c364_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gr4-m0 OR cpe:2.3:h:konicaminolta:bizhub_c364:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c284_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gr4-m0 OR cpe:2.3:h:konicaminolta:bizhub_c284:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c224_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gr4-m0 OR cpe:2.3:h:konicaminolta:bizhub_c224:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_754_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gr4-m0 OR cpe:2.3:h:konicaminolta:bizhub_754:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_654_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gr4-m0 OR cpe:2.3:h:konicaminolta:bizhub_654:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c3851fs_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_c3851fs:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c3851_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_c3851:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_c3351_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_c3351:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_4752_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_4752:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:konicaminolta:bizhub_4052_firmware:*:*:*:*:*:*:*:* versions up to (excluding) gca-x4 OR cpe:2.3:h:konicaminolta:bizhub_4052:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-20872 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-20872 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.15 }} 0.01%

score

0.51074

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: