JVNVU#90033405
Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers
Overview
Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities.
Products Affected
A wide range of products and versions are affected.
For more information, refer to the "Vendor Status" section below.
Description
Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities (CWE-787, CVE-2023-6229, CVE-2023-6230, CVE-2023-6231, CVE-2023-6232, CVE-2023-6233, CVE-2023-6234, CVE-2024-0244).
Impact
A remote attacker may execute arbitrary code and/or cause a denial-of-service (DoS) condition.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Apply the Workaround
Apply the following workarounds to prevent access from untrusted entities.
- Use the product in an environment protected by a firewall, etc.
- Use the product with a private IP address
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | | |
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | | |
Scope(S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) | |
Credit
Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.