Vulnerabilities in several models of Konica Minolta printers, discovered just before the outbreak of the pandemic, left many devices exposed to physical access attacks.
Threat actors could have exploited the vulnerabilities discovered by researchers at SEC Consult Vulnerability Lab via physical access to a printer's touchscreen terminal. According to Konica Minolta, the maker of the investigated devices, hundreds of thousands of machines were affected.
Threat actors could have potentially gotten full read and write access to the printer's operating system and data as root. This would have allowed an attacker to manipulate and compromise the printer and its user.
The researchers carried out the analysis in late 2019, looking into two Konica Minolta multi-function printers (MFPs), the C3300i and the C3350i. The investigation resulted in the discovery of three separate vulnerabilities.
The first one (CVE-2022-29586) allowed an attacker to get full access to the printer's underlying OS and its file system. If exploited, the vulnerability would have allowed an attacker to access configuration files, passwords in clear text, proprietary scripts, and other data.
Another vulnerability (CVE-2022-29588) exposed a folder named ADMINPASS, which contained the administrator password for the printer terminal and web interface in plain text.
Like the previous one, the third vulnerability (CVE-2022-29587) allowed access to files that contained administrator passwords.
According to the researchers, Konica Minolta started fixing the vulnerabilities at the beginning of 2020. However, the onset of the pandemic slowed the pace of patching, since the firmware had to be updated manually.
Experts point out that printer security is an often overlooked aspect of office life. Modern printers have hard-drive capacity comparable to that of a laptop made two or three years ago, and a smart printer can serve as a foothold for further lateral movement through the targeted network.