Firmware and CVE-2022-43969

  • techuser
    Junior Member
    • Dec 2022
    • 1

    #1

    Firmware and CVE-2022-43969

    Has anyone any more info on this new security bulletin? So far we are told by Ricoh to update the firmware & all is safe. We don't use FTP on the kit we send out and service. So should we be concerned?

    Information List by Vulnerability | Global | Ricoh
  • slimslob
    Retired

    Site Contributor
    25,000+ Posts
    • May 2013
    • 37047

    #2
    Re: Firmware and CVE-2022-43969

    A couple of things, major corporations very seldom allow FTP on their networks and often will blackball any vendor who attempts to set one up.

    Now to CVE-2022-43969, I get the impression that unless Ricoh is using code from Quicklert in some part of their firmware or they are not concerned about their equipment causing a breach on a customer's but instead are concerned about an SQL breach on the customer's network exposing a machine's address book. According to Assura, CVE-2022-43696 is named Quicklert for Digium Switchvox Version 10 Build 1043 – Blind SQL Injection with Out-of-Band Interaction (DNS) Assura Announces Discovery of Two Vulnerabilities in Quicklert for Digium Switchvox - Assura, Inc.

    And from NVD NVD - CVE-2021-43969


    • rthonpm
      Field Supervisor

      2,500+ Posts
      • Aug 2007
      • 2847

      #3
      Re: Firmware and CVE-2022-43969

      While people may not be using FTP for scanning or other active uses, it is running as a service on the device making it accessible over the protocol unless disabled.

      Sent from my Pixel 6 Pro using Tapatalk
