COVID Delays Patching of Vulnerable Konica Minolta Printers


3 Bugs Found in 2019 Cannot Be Patched Without Physical Access to the Printers

Mihir Bagwe • May 13, 2022

Attackers with physical access to the printers could access admin passwords in clear text. (Source: Konica Minolta)

Hundreds of thousands of Konica Minolta printers that are used widely across businesses have reportedly been vulnerable to three critical flaws since 2019. Although a patch was made available in early 2020, it could not be deployed at the time because the firmware update required physical access to the printers, and COVID-19 lockdowns around the globe made that difficult, if not impossible.


The vulnerabilities that are now being tracked as CVE-2022-29586, CVE-2022-29587 and CVE-2022-29588 were found by researchers at SEC Consult, an Atos-owned cybersecurity firm. If successfully exploited, they could give an attacker root privileges to the underlying operating systems used in the printers.

The catch? Just as updating the firmware requires physical access to the printer, so does exploiting the flaws, according to SEC Consult’s security advisory.

But this does not mean that exploitation of the vulnerability is less likely, Johannes Greil, the head of SEC Consult Vulnerability Lab, tells Information Security Media Group. “The chances [of exploitation] are very high, especially in business environments where those printers are mainly being used.
