CVE-2022-29588

Q: What is the severity of CVE-2022-29588?

CVE-2022-29588 has a CVSS score of 7.5 (HIGH). Konica Minolta bizhub MFP devices store administrative passwords in cleartext files, allowing attackers with local access to read sensitive credentials. This affects all Konica Minolta bizhub MFP devices manufactured before April 14, 2022. The vulnerability enables privilege escalation and potential device compromise.

7.5 HIGH

📋 TL;DR

Konica Minolta bizhub MFP devices store administrative passwords in cleartext files, allowing attackers with local access to read sensitive credentials. This affects all Konica Minolta bizhub MFP devices manufactured before April 14, 2022. The vulnerability enables privilege escalation and potential device compromise.

💻 Affected Systems

Products:

Konica Minolta bizhub MFP devices

Versions: All versions before 2022-04-14

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. Physical or network access to the device is required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to the device, modify configurations, install malware, access network resources, and potentially pivot to other systems on the network.

🟠

Likely Case

Local attackers or malicious insiders extract administrative credentials, gain full control of the printer/MFP, and potentially access sensitive documents or network resources.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the printer device itself without network propagation.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access to the device filesystem. Public proof-of-concept demonstrates file access techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware versions after 2022-04-14

Vendor Advisory: https://www.konicaminolta.com/

Restart Required: Yes

Instructions:

1. Check current firmware version. 2. Download latest firmware from Konica Minolta support portal. 3. Upload firmware to device via web interface. 4. Apply update and restart device.

🔧 Temporary Workarounds

Restrict Physical Access

all

Place devices in secure locations to prevent unauthorized physical access

Network Segmentation

all

Isolate printers on separate VLAN with restricted access

🧯 If You Can't Patch

Implement strict network access controls to limit who can connect to printer management interfaces
Regularly audit and change administrative passwords, monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version date. If manufactured before April 14, 2022, it is vulnerable.

Check Version:

Check via web interface: http://[printer-ip]/wcd/system.xml or via device control panel under System Settings > Device Information

Verify Fix Applied:

Verify firmware version shows date after 2022-04-14 in device web interface or configuration page.

📡 Detection & Monitoring

Log Indicators:

Unauthorized access to /var/log/nginx/html/ADMINPASS or /etc/shadow files
Multiple failed login attempts followed by successful administrative access

Network Indicators:

Unusual network traffic from printer to other internal systems
Unexpected administrative access from non-standard IP addresses

SIEM Query:

source="printer_logs" AND (event="file_access" AND (path="/var/log/nginx/html/ADMINPASS" OR path="/etc/shadow")) OR (event="auth_success" AND user="admin" AND src_ip NOT IN [allowed_admin_ips])

📊 Metadata

CVE ID: CVE-2022-29588

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-522

Published: May 16, 2022

Last Updated: November 21, 2024

🔗 References

http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Terminal-Sandbox-Escape.html Third Party Advisory,VDB Entry
https://sec-consult.com/vulnerability-lab/ Third Party Advisory
http://packetstormsecurity.com/files/167166/Konica-Minolta-bizhub-MFP-Printer-Terminal-Sandbox-Escape.html Third Party Advisory,VDB Entry
https://sec-consult.com/vulnerability-lab/ Third Party Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Bizhub 226i Firmware by Konicaminolta

Bizhub 227 Firmware by Konicaminolta

Bizhub 246i Firmware by Konicaminolta

Bizhub 287 Firmware by Konicaminolta

Bizhub 306i Firmware by Konicaminolta

Bizhub 308 Firmware by Konicaminolta

Bizhub 308e Firmware by Konicaminolta

Bizhub 367 Firmware by Konicaminolta

Bizhub 368 Firmware by Konicaminolta

Bizhub 368e Firmware by Konicaminolta

Bizhub 4052 Firmware by Konicaminolta

Bizhub 458 Firmware by Konicaminolta

Bizhub 458e Firmware by Konicaminolta

Bizhub 4752 Firmware by Konicaminolta

Bizhub 558 Firmware by Konicaminolta

Bizhub 558e Firmware by Konicaminolta

Bizhub 658e Firmware by Konicaminolta

Bizhub 758 Firmware by Konicaminolta

Bizhub 808 Firmware by Konicaminolta

Bizhub 958 Firmware by Konicaminolta

Bizhub C227 Firmware by Konicaminolta

Bizhub C250i Firmware by Konicaminolta

Bizhub C258 Firmware by Konicaminolta

Bizhub C287 Firmware by Konicaminolta

Bizhub C300i Firmware by Konicaminolta

Bizhub C308 Firmware by Konicaminolta

Bizhub C3300i Firmware by Konicaminolta

Bizhub C3320i Firmware by Konicaminolta

Bizhub C3350i Firmware by Konicaminolta

Bizhub C3351 Firmware by Konicaminolta

Bizhub C360i Firmware by Konicaminolta

Bizhub C368 Firmware by Konicaminolta

Bizhub C3851 Firmware by Konicaminolta

Bizhub C3851fs Firmware by Konicaminolta

Bizhub C4000i Firmware by Konicaminolta

Bizhub C4050i Firmware by Konicaminolta

Bizhub C450i Firmware by Konicaminolta

Bizhub C458 Firmware by Konicaminolta

Bizhub C550i Firmware by Konicaminolta

Bizhub C558 Firmware by Konicaminolta

Bizhub C650i Firmware by Konicaminolta

Bizhub C658 Firmware by Konicaminolta

Bizhub C659 Firmware by Konicaminolta

Bizhub C759 Firmware by Konicaminolta

Bizhub Pro958 Firmware by Konicaminolta