CVE-2023-46327 [Medium] | Authentication Bypass in Primelink C9065 Firmware

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-11-21	0.14%	0.16%	+0.02%
2	2025-11-18	0.16%	0.14%	-0.02%
3	2025-04-15	—	0.16%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-11-21

0.14%

0.16%

+0.02%

2025-11-18

0.16%

0.14%

-0.02%

2025-04-15

—

0.16%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.9	3.1	MEDIUM	`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	2.2	3.6	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.9

3.1

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

2.2

3.6

[email protected]

Affected software / configurations for CVE-2023-46327

Vendor	Product	Version	Raw CPE
xerox	primelink_c9065_firmware	< 85.40.31	cpe:2.3:o:xerox:primelink_c9065_firmware::::::::
xerox	primelink_c9070_firmware	< 85.40.31	cpe:2.3:o:xerox:primelink_c9070_firmware::::::::
xerox	primelink_b9136_firmware	< 90.40.91	cpe:2.3:o:xerox:primelink_b9136_firmware::::::::
xerox	primelink_b9125_firmware	< 90.40.91	cpe:2.3:o:xerox:primelink_b9125_firmware::::::::
xerox	primelink_b9110_firmware	< 90.40.91	cpe:2.3:o:xerox:primelink_b9110_firmware::::::::
xerox	primelink_b9100_firmware	< 90.40.91	cpe:2.3:o:xerox:primelink_b9100_firmware::::::::
xerox	versalink_c405_firmware	< 68.81.41	cpe:2.3:o:xerox:versalink_c405_firmware::::::::
xerox	versalink_c505_firmware	< 68.81.41	cpe:2.3:o:xerox:versalink_c505_firmware::::::::
xerox	versalink_c605_firmware	< 68.81.41	cpe:2.3:o:xerox:versalink_c605_firmware::::::::
xerox	versalink_c7000_firmware	< 56.74.51	cpe:2.3:o:xerox:versalink_c7000_firmware::::::::
xerox	versalink_c7020_firmware	< 57.74.51	cpe:2.3:o:xerox:versalink_c7020_firmware::::::::
xerox	versalink_c7025_firmware	< 57.74.51	cpe:2.3:o:xerox:versalink_c7025_firmware::::::::
xerox	versalink_c7030_firmware	< 57.74.51	cpe:2.3:o:xerox:versalink_c7030_firmware::::::::
xerox	versalink_c7130_firmware	< 69.23.41	cpe:2.3:o:xerox:versalink_c7130_firmware::::::::
xerox	versalink_c7125_firmware	< 69.23.41	cpe:2.3:o:xerox:versalink_c7125_firmware::::::::
xerox	versalink_c7120_firmware	< 69.23.41	cpe:2.3:o:xerox:versalink_c7120_firmware::::::::
xerox	versalink_b405_firmware	< 38.81.41	cpe:2.3:o:xerox:versalink_b405_firmware::::::::
xerox	versalink_b605_firmware	< 38.81.41	cpe:2.3:o:xerox:versalink_b605_firmware::::::::
xerox	versalink_b615_firmware	< 38.81.41	cpe:2.3:o:xerox:versalink_b615_firmware::::::::
xerox	versalink_b7125_firmware	< 59.23.41	cpe:2.3:o:xerox:versalink_b7125_firmware::::::::
xerox	versalink_b7130_firmware	< 59.23.41	cpe:2.3:o:xerox:versalink_b7130_firmware::::::::
xerox	versalink_b7135_firmware	< 59.23.41	cpe:2.3:o:xerox:versalink_b7135_firmware::::::::
xerox	workcentre_6515_firmware	< 65.74.51	cpe:2.3:o:xerox:workcentre_6515_firmware::::::::
fujifilm	apeos_3560_firmware	>= 1.0.0, <= 1.2.16	cpe:2.3:o:fujifilm:apeos_3560_firmware::::::::
fujifilm	apeos_3560_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_3560_firmware::::::::
fujifilm	apeos_3060_firmware	>= 1.0.0, <= 1.2.16	cpe:2.3:o:fujifilm:apeos_3060_firmware::::::::
fujifilm	apeos_3060_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_3060_firmware::::::::
fujifilm	apeos_2560_firmware	>= 1.0.0, <= 1.2.16	cpe:2.3:o:fujifilm:apeos_2560_firmware::::::::
fujifilm	apeos_2560_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_2560_firmware::::::::
fujifilm	apeos_3560_gk_firmware	>= 1.0.0, <= 1.2.16	cpe:2.3:o:fujifilm:apeos_3560_gk_firmware::::::::
fujifilm	apeos_3560_gk_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_3560_gk_firmware::::::::
fujifilm	apeos_3060_gk_firmware	>= 1.0.0, <= 1.2.16	cpe:2.3:o:fujifilm:apeos_3060_gk_firmware::::::::
fujifilm	apeos_3060_gk_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_3060_gk_firmware::::::::
fujifilm	apeos_2560_gk_firmware	>= 1.0.0, <= 1.2.16	cpe:2.3:o:fujifilm:apeos_2560_gk_firmware::::::::
fujifilm	apeos_2560_gk_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_2560_gk_firmware::::::::
fujifilm	apeos_5330_firmware	< 1.20.9	cpe:2.3:o:fujifilm:apeos_5330_firmware::::::::
fujifilm	apeos_4830_firmware	< 1.20.9	cpe:2.3:o:fujifilm:apeos_4830_firmware::::::::
fujifilm	apeos_5570_firmware	>= 1.0.0, <= 1.3.6	cpe:2.3:o:fujifilm:apeos_5570_firmware::::::::
fujifilm	apeos_5570_firmware	>= 1.21.0, <= 1.26.9	cpe:2.3:o:fujifilm:apeos_5570_firmware::::::::
fujifilm	apeos_4570_firmware	>= 1.0.0, <= 1.3.6	cpe:2.3:o:fujifilm:apeos_4570_firmware::::::::
fujifilm	apeos_4570_firmware	>= 1.21.0, <= 1.26.9	cpe:2.3:o:fujifilm:apeos_4570_firmware::::::::
fujifilm	apeos_6340_firmware	>= 1.0.0, <= 1.2.11	cpe:2.3:o:fujifilm:apeos_6340_firmware::::::::
fujifilm	apeos_6340_firmware	>= 1.20.0, <= 1.20.6	cpe:2.3:o:fujifilm:apeos_6340_firmware::::::::
fujifilm	apeos_7580_firmware	< 1.26.9	cpe:2.3:o:fujifilm:apeos_7580_firmware::::::::
fujifilm	apeos_6580_firmware	< 1.26.9	cpe:2.3:o:fujifilm:apeos_6580_firmware::::::::
fujifilm	apeos_c2570_firmware	>= 1.0.0, <= 1.3.7	cpe:2.3:o:fujifilm:apeos_c2570_firmware::::::::
fujifilm	apeos_c2570_firmware	>= 1.21.0, <= 1.26.11	cpe:2.3:o:fujifilm:apeos_c2570_firmware::::::::
fujifilm	apeos_c3070_firmware	>= 1.0.0, <= 1.3.7	cpe:2.3:o:fujifilm:apeos_c3070_firmware::::::::
fujifilm	apeos_c3070_firmware	>= 1.21.0, <= 1.26.11	cpe:2.3:o:fujifilm:apeos_c3070_firmware::::::::
fujifilm	apeos_c3570_firmware	>= 1.0.0, <= 1.3.7	cpe:2.3:o:fujifilm:apeos_c3570_firmware::::::::
fujifilm	apeos_c3570_firmware	>= 1.21.0, <= 1.26.11	cpe:2.3:o:fujifilm:apeos_c3570_firmware::::::::
fujifilm	apeos_c4570_firmware	>= 1.0.0, <= 1.3.7	cpe:2.3:o:fujifilm:apeos_c4570_firmware::::::::
fujifilm	apeos_c4570_firmware	>= 1.21.0, <= 1.26.11	cpe:2.3:o:fujifilm:apeos_c4570_firmware::::::::
fujifilm	apeos_c5570_firmware	>= 1.0.0, <= 1.3.7	cpe:2.3:o:fujifilm:apeos_c5570_firmware::::::::
fujifilm	apeos_c5570_firmware	>= 1.21.0, <= 1.26.11	cpe:2.3:o:fujifilm:apeos_c5570_firmware::::::::
fujifilm	apeos_c6570_firmware	>= 1.0.0, <= 1.3.7	cpe:2.3:o:fujifilm:apeos_c6570_firmware::::::::
fujifilm	apeos_c6570_firmware	>= 1.21.0, <= 1.26.11	cpe:2.3:o:fujifilm:apeos_c6570_firmware::::::::
fujifilm	apeos_c7070_firmware	>= 1.0.0, <= 1.3.7	cpe:2.3:o:fujifilm:apeos_c7070_firmware::::::::
fujifilm	apeos_c7070_firmware	>= 1.21.0, <= 1.26.11	cpe:2.3:o:fujifilm:apeos_c7070_firmware::::::::
fujifilm	apeos_c3060_firmware	>= 1.0.0, <= 1.2.14	cpe:2.3:o:fujifilm:apeos_c3060_firmware::::::::
fujifilm	apeos_c3060_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_c3060_firmware::::::::
fujifilm	apeos_c2060_firmware	>= 1.0.0, <= 1.2.14	cpe:2.3:o:fujifilm:apeos_c2060_firmware::::::::
fujifilm	apeos_c2060_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_c2060_firmware::::::::
fujifilm	apeos_c2560_firmware	>= 1.0.0, <= 1.2.14	cpe:2.3:o:fujifilm:apeos_c2560_firmware::::::::
fujifilm	apeos_c2560_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_c2560_firmware::::::::
fujifilm	apeos_c3060_gk_firmware	>= 1.0.0, <= 1.2.14	cpe:2.3:o:fujifilm:apeos_c3060_gk_firmware::::::::
fujifilm	apeos_c3060_gk_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_c3060_gk_firmware::::::::
fujifilm	apeos_c2560_gk_firmware	>= 1.0.0, <= 1.2.14	cpe:2.3:o:fujifilm:apeos_c2560_gk_firmware::::::::
fujifilm	apeos_c2560_gk_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_c2560_gk_firmware::::::::
fujifilm	apeos_c2060_gk_firmware	>= 1.0.0, <= 1.2.14	cpe:2.3:o:fujifilm:apeos_c2060_gk_firmware::::::::
fujifilm	apeos_c2060_gk_firmware	>= 1.20.0, <= 1.26.10	cpe:2.3:o:fujifilm:apeos_c2060_gk_firmware::::::::
fujifilm	apeos_c4030_firmware	< 1.20.10	cpe:2.3:o:fujifilm:apeos_c4030_firmware::::::::
fujifilm	apeos_c3530_firmware	< 1.20.10	cpe:2.3:o:fujifilm:apeos_c3530_firmware::::::::
fujifilm	apeos_c5240_firmware	>= 1.0.0, <= 1.2.12	cpe:2.3:o:fujifilm:apeos_c5240_firmware::::::::
fujifilm	apeos_c5240_firmware	>= 1.20.0, <= 1.20.6	cpe:2.3:o:fujifilm:apeos_c5240_firmware::::::::
fujifilm	apeos_c8180_firmware	>= 1.0.0, <= 1.3.7	cpe:2.3:o:fujifilm:apeos_c8180_firmware::::::::
fujifilm	apeos_c8180_firmware	>= 1.21.0, <= 1.26.12	cpe:2.3:o:fujifilm:apeos_c8180_firmware::::::::
fujifilm	apeos_c7580_firmware	>= 1.0.0, <= 1.3.7	cpe:2.3:o:fujifilm:apeos_c7580_firmware::::::::
fujifilm	apeos_c7580_firmware	>= 1.21.0, <= 1.26.12	cpe:2.3:o:fujifilm:apeos_c7580_firmware::::::::
fujifilm	apeos_c6580_firmware	>= 1.0.0, <= 1.3.7	cpe:2.3:o:fujifilm:apeos_c6580_firmware::::::::

References for CVE-2023-46327

URL	Tags
https://jvn.jp/en/vu/JVNVU96482726/index.html	Third Party Advisory
https://security.business.xerox.com/en-us/documents/bulletins/	Vendor Advisory
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/1031_addressbook_announce.html	Vendor Advisory

URL

CVE-2023-46327

Exploit prediction scoring system (EPSS) score for CVE-2023-46327

Common vulnerability scoring system (CVSS) metrics for CVE-2023-46327

Weakness enumeration for CVE-2023-46327

Affected software / configurations for CVE-2023-46327

References for CVE-2023-46327