Sharp Electronics (UK) Ltd., Document Systems Support
1. Summary of Vulnerability
Due to the bug existing to the specific version of OpenSSL which is software module of open-source
encrypted communication, the malicious attacker can illegally read the contents of data in the memory
of the communication partner.
Contents of the memory may include the secret key and the detail of communication on the server,
depending on the timing of reading.
2. Extent of impact with vulnerability when using our product/service
Following countermeasures will enable the c
ustomer’s information to be properly protected.
Please check the installation status/setting status.
■ When connecting from external device to Digital Malfunction Printer;
The information of Admin password of MFP or secret key used for SSL communication may illegally be
read by the attack of the malicious attacker. However, those information can be protected from the
unauthorized access from outside by placing MFP within the firewall.
■When connecting from MFP to the external server;
Please limit the communication only with the reliable server.
As for the access to the external website using Web Browsing Expansion Kit (MX-AM10), even though
the model is applicable to this vulnerability, it is not affected as the used software module is different.