CVE-2021-20870

Name of the Vulnerable Software and Affected Versions KONICA MINOLTA bizhub series versions G00-35 and earlier KONICA MINOLTA bizhub series versions G00-B6 and earlier KONICA MINOLTA bizhub series versions G00-37 and earlier KONICA MINOLTA bizhub series versions G00-33 and earlier KONICA MINOLTA bizhub series versions G00-19 and earlier KONICA MINOLTA bizhub series versions GC7-X8 and earlier KONICA MINOLTA bizhub series versions GC9-X4 and earlier KONICA MINOLTA bizhub series versions GDQ-M0 and earlier KONICA MINOLTA bizhub series versions GDQ-M1 and earlier KONICA MINOLTA bizhub series versions GR1-M0 and earlier KONICA MINOLTA bizhub series versions G00-22 and earlier

Description The issue is related to improper handling of exceptional conditions, allowing a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to a network error by ejecting a HDD before the scan job times out.

Recommendations For KONICA MINOLTA bizhub series versions G00-35 and earlier, consider disabling the scan job functionality until a patch is available. For KONICA MINOLTA bizhub series versions G00-B6 and earlier, restrict access to the HDD to minimize the risk of exploitation. For KONICA MINOLTA bizhub series versions G00-37 and earlier, avoid using the scan data transmission feature until the issue is resolved. For KONICA MINOLTA bizhub series versions G00-33 and earlier, consider implementing additional security measures to protect against physical attacks. For KONICA MINOLTA bizhub series versions G00-19 and earlier, restrict access to the scan job functionality to authorized personnel only. For KONICA MINOLTA bizhub series versions GC7-X8 and earlier, consider updating the firmware to a version that addresses the issue. For KONICA MINOLTA bizhub series versions GC9-X4 and earlier, disable the HDD ejection feature until a patch is available. For KONICA MINOLTA bizhub series versions GDQ-M0 and earlier, restrict access to the scan data transmission feature until the issue is resolved. For KONICA MINOLTA bizhub series versions GDQ-M1 and earlier, consider implementing additional security measures to protect against physical attacks. For KONICA MINOLTA bizhub series versions GR1-M0 and earlier, avoid using the scan job functionality until the issue is resolved. For KONICA MINOLTA bizhub series versions G00-22 and earlier, consider disabling the scan data transmission feature until a patch is available.