HOMEVULNERABILITIESCVE-2023-46327
MEDIUM

CVE-2023-46327

CWE-287Published: November 2, 2023· Updated: Jun 17, 2026

5.9
CVSS v3.1

Official Description

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

NVD Source

Technical Analysis

CVE-2023-46327 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in complete confidentiality breach (data exposure), with a CVSS base score of 5.9.

From a weakness classification perspective (CWE-287): Authentication bypass vulnerabilities allow attackers to access protected resources without valid credentials.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityHigh
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityNone
AvailabilityNone
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Vendors & Products

fujifilm140 product(s)
apeos 3560 firmwareapeos 3560apeos 3060 firmwareapeos 3060apeos 2560 firmwareapeos 2560apeos 3560 gk firmwareapeos 3560 gkapeos 3060 gk firmwareapeos 3060 gkapeos 2560 gk firmwareapeos 2560 gk+128
xerox46 product(s)
primelink c9065 firmwareprimelink c9065primelink c9070 firmwareprimelink c9070primelink b9136 firmwareprimelink b9136primelink b9125 firmwareprimelink b9125primelink b9110 firmwareprimelink b9110primelink b9100 firmwareprimelink b9100+34
Source: NVD CPE · 186 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (6)

Quick Facts

CVE IDCVE-2023-46327
CVSS Score5.9 / 10
SeverityMEDIUM
WeaknessCWE-287
CISA KEVNo
Affected2 vendor(s)
PublishedNov 2, 2023

Related CVEs (CWE-287)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2023-46327 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.