Multiple vulnerabilities in Canon U.S.A. imageCLASS MF Series and imageCLASS LBP Series



Published: 2022-03-21
Risk: Medium
Patch available: Yes
Number of vulnerabilities: 3
CVE-ID: CVE-2022-24672, CVE-2022-24673, CVE-2022-24674
CWE-ID: CWE-122, CWE-121
Exploitation vector: Local network
Public exploit: N/A

Vulnerable software (every entry is categorised as Hardware solutions / Other hardware appliances):

MF1127C
MF1238
MF445DW
MF448DW
MF449DW
MF543DW
MF632CDW
MF634CDW
MF641CW
MF642CDW
MF644CDW
MF731CDW
MF733CDW
MF735CDW
MF741CDW
MF743CDW
MF745CDW
MF746CDW
LBP1127C
LBP1238
LBP226DW
LBP227DW
LBP228DW
LBP612CDW
LBP622CDW
LBP623CDW
LBP654CDW
LBP664CDW

Vendor: Canon U.S.A.

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU61482

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24672

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No
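The 7.7 shown above is the CVSS v3.1 temporal score, not the base score: the vector carries E:U/RL:O/RC:C, which scale the 8.8 base score of an unauthenticated, adjacent-network code-execution flaw by 0.91 × 0.95 × 1.0. The C program below is an added example written for this page, not part of the bulletin or of any Canon or ZDI material; it recomputes both scores from the vector string using the metric weights and the Roundup() function defined in the FIRST CVSS v3.1 specification, so the scoring can be checked rather than taken on trust. Scores are returned in tenths (88 means 8.8) to keep comparisons exact.

```c
#include <stdio.h>
#include <string.h>

/* CVSS v3.1 metric weights (FIRST specification, section 7.4). An undefined
 * temporal metric ("X" or absent) weighs 1.0, as the specification requires. */
static double weight(const char *m, char v, int scope_changed)
{
    if (!strcmp(m, "AV")) return v == 'N' ? 0.85 : v == 'A' ? 0.62 : v == 'L' ? 0.55 : 0.2;
    if (!strcmp(m, "AC")) return v == 'L' ? 0.77 : 0.44;
    if (!strcmp(m, "PR")) {
        if (v == 'N') return 0.85;
        if (v == 'L') return scope_changed ? 0.68 : 0.62;
        return scope_changed ? 0.50 : 0.27;
    }
    if (!strcmp(m, "UI")) return v == 'N' ? 0.85 : 0.62;
    if (!strcmp(m, "C") || !strcmp(m, "I") || !strcmp(m, "A"))
        return v == 'H' ? 0.56 : v == 'L' ? 0.22 : 0.0;
    if (!strcmp(m, "E"))  return v == 'U' ? 0.91 : v == 'P' ? 0.94 : v == 'F' ? 0.97 : 1.0;
    if (!strcmp(m, "RL")) return v == 'O' ? 0.95 : v == 'T' ? 0.96 : v == 'W' ? 0.97 : 1.0;
    if (!strcmp(m, "RC")) return v == 'U' ? 0.92 : v == 'R' ? 0.96 : 1.0;
    return 1.0;
}

/* Roundup() exactly as the specification defines it: round up to one decimal
 * place via integer arithmetic so floating-point noise cannot flip the result. */
static double roundup(double d)
{
    long i = (long)(d * 100000.0 + 0.5);        /* d is never negative here */
    if (i % 10000 == 0)
        return i / 100000.0;
    return (i / 10000 + 1) / 10.0;
}

static double powi(double b, int e) { double r = 1.0; while (e-- > 0) r *= b; return r; }

/* Parses a "CVSS:3.1/AV:../AC:.." vector and writes base and temporal scores
 * in tenths. Returns 0 on success, -1 if a mandatory base metric is missing. */
int cvss31_scores(const char *vector, int *base10, int *temporal10)
{
    const char *names[] = {"AV", "AC", "PR", "UI", "S", "C", "I", "A", "E", "RL", "RC"};
    char vals[11];
    memset(vals, 'X', sizeof vals);

    char buf[256];
    strncpy(buf, vector, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, "/"); tok; tok = strtok(NULL, "/")) {
        char *colon = strchr(tok, ':');
        if (!colon) continue;                   /* the "CVSS:3.1" prefix is skipped */
        *colon = '\0';
        for (int k = 0; k < 11; k++)
            if (!strcmp(tok, names[k])) vals[k] = colon[1];
    }
    for (int k = 0; k < 8; k++)
        if (vals[k] == 'X') return -1;          /* base metrics are mandatory */

    int sc = vals[4] == 'C';
    double iss = 1.0 - (1.0 - weight("C", vals[5], sc)) * (1.0 - weight("I", vals[6], sc))
                     * (1.0 - weight("A", vals[7], sc));
    double impact = sc ? 7.52 * (iss - 0.029) - 3.25 * powi(iss - 0.02, 15) : 6.42 * iss;
    double expl = 8.22 * weight("AV", vals[0], sc) * weight("AC", vals[1], sc)
                       * weight("PR", vals[2], sc) * weight("UI", vals[3], sc);
    double base;
    if (impact <= 0.0) {
        base = 0.0;
    } else {
        double sum = sc ? 1.08 * (impact + expl) : impact + expl;
        base = roundup(sum > 10.0 ? 10.0 : sum);
    }
    double temporal = roundup(base * weight("E", vals[8], sc) * weight("RL", vals[9], sc)
                                   * weight("RC", vals[10], sc));
    *base10 = (int)(base * 10.0 + 0.5);
    *temporal10 = (int)(temporal * 10.0 + 0.5);
    return 0;
}

int main(void)
{
    /* Vector copied from this bulletin. */
    const char *v = "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C";
    int b, t;
    if (cvss31_scores(v, &b, &t) == 0)
        printf("base %d.%d  temporal %d.%d\n", b / 10, b % 10, t / 10, t % 10);
    return 0;
}
```

For the bulletin's vector the program reports base 8.8 and temporal 7.7. Dropping the temporal metrics, or moving the flaw to AV:N, changes the number a vulnerability-management tool will sort on, which is why it is worth knowing which of the two scores an advisory is quoting.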

Description

The vulnerability allows an unauthenticated attacker on the local network to execute arbitrary code on the target device.

The vulnerability exists due to a boundary error in the CADM service. An attacker on the local network can send specially crafted data to the service, trigger a heap-based buffer overflow and execute arbitrary code on the device.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable device.

Mitigation

Install the firmware update from the vendor's website (linked under External links below). The flaw is reachable without authentication from the adjacent network (CVSS AV:A, PR:N), so until the update is applied, restrict access to the printer's network services to trusted hosts, for example by placing the printer on a firewalled VLAN.

Vulnerable software versions

MF1127C: All versions

MF1238: All versions

MF445DW: All versions

MF448DW: All versions

MF449DW: All versions

MF543DW: All versions

MF632CDW: All versions

MF634CDW: All versions

MF641CW: All versions

MF642CDW: All versions

MF644CDW: All versions

MF731CDW: All versions

MF733CDW: All versions

MF735CDW: All versions

MF741CDW: All versions

MF743CDW: All versions

MF745CDW: All versions

MF746CDW: All versions

LBP1127C: All versions

LBP1238: All versions

LBP226DW: All versions

LBP227DW: All versions

LBP228DW: All versions

LBP612CDW: All versions

LBP622CDW: All versions

LBP623CDW: All versions

LBP654CDW: All versions

LBP664CDW: All versions

External links

http://www.zerodayinitiative.com/advisories/ZDI-22-514/
http://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/canon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow/!ut/p/z1/pVLLbsIwEPyWfoC1xnEccswDGighBRIgvlTGCakl8lBAUPr1DYhWQhHhUN_Wnt2ZHQ9wWAMvxFFl4qDKQuyaOubsw595fW_k4EkQvtnYGtjBQmOuhh0NVlcAfnAsDPyuf0gG2PLD5cTXRhqes1t_B4B38y8hdiH-mkRudWoNa6F5t9bxM7WNHaT2HT8DXonDJ1LFtoR1VavikNZ7WMtyV9ZoJ_Zp_VuoXGSpbK72KN8ySmVy6npaAb8XgeemgS3mMs-c2ng001uApU0bgOk6GhleFrkBOvaMG5-Mhz6R5lePKj1BVJR13oRgcZlYSZVAnKQ0TSQVSJcmRZQSiTYaNZHQe0Q3MGHJloLXZgiMHp7R9yDUiU78kP2TYfwsFqvBXyh4D6o8iooz4rHL5t63PUWvzqZ_zl5-AOW_2L4!/dz/d5/L2dBISEvZ0FBIS9nQSEh/?urile=wcm%3Apath%3A%2FCanon_NewWeb_Products%2Fproduct-advisories%2Fcanon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU61483

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24673

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows an unauthenticated attacker on the local network to execute arbitrary code on the target device.

The vulnerability exists due to a boundary error within the implementation of the SLP protocol (Service Location Protocol). An unauthenticated attacker on the local network can send a specially crafted SLP message, trigger a stack-based buffer overflow and execute arbitrary code on the device.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable device.

Mitigation

Install the firmware update from the vendor's website (linked under External links below).

Vulnerable software versions

MF1127C: All versions

MF1238: All versions

MF445DW: All versions

MF448DW: All versions

MF449DW: All versions

MF543DW: All versions

MF632CDW: All versions

MF634CDW: All versions

MF641CW: All versions

MF642CDW: All versions

MF644CDW: All versions

MF731CDW: All versions

MF733CDW: All versions

MF735CDW: All versions

MF741CDW: All versions

MF743CDW: All versions

MF745CDW: All versions

MF746CDW: All versions

LBP1127C: All versions

LBP1238: All versions

LBP226DW: All versions

LBP227DW: All versions

LBP228DW: All versions

LBP612CDW: All versions

LBP622CDW: All versions

LBP623CDW: All versions

LBP654CDW: All versions

LBP664CDW: All versions

External links

http://www.zerodayinitiative.com/advisories/ZDI-22-515/
http://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/canon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow/!ut/p/z1/pVLLbsIwEPyWfoC1xnEccswDGighBRIgvlTGCakl8lBAUPr1DYhWQhHhUN_Wnt2ZHQ9wWAMvxFFl4qDKQuyaOubsw595fW_k4EkQvtnYGtjBQmOuhh0NVlcAfnAsDPyuf0gG2PLD5cTXRhqes1t_B4B38y8hdiH-mkRudWoNa6F5t9bxM7WNHaT2HT8DXonDJ1LFtoR1VavikNZ7WMtyV9ZoJ_Zp_VuoXGSpbK72KN8ySmVy6npaAb8XgeemgS3mMs-c2ng001uApU0bgOk6GhleFrkBOvaMG5-Mhz6R5lePKj1BVJR13oRgcZlYSZVAnKQ0TSQVSJcmRZQSiTYaNZHQe0Q3MGHJloLXZgiMHp7R9yDUiU78kP2TYfwsFqvBXyh4D6o8iooz4rHL5t63PUWvzqZ_zl5-AOW_2L4!/dz/d5/L2dBISEvZ0FBIS9nQSEh/?urile=wcm%3Apath%3A%2FCanon_NewWeb_Products%2Fproduct-advisories%2Fcanon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

EUVDB-ID: #VU61484

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24674

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows an unauthenticated attacker on the local network to execute arbitrary code on the target device.

The vulnerability exists due to a boundary error within the privet API (the local Google Cloud Print interface). An unauthenticated attacker on the local network can send a specially crafted request to the API, trigger a stack-based buffer overflow and execute arbitrary code on the device.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable device.
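All three issues on this page share one shape: a length or size taken from network input drives a copy into a fixed-size buffer, on the heap for the CADM service (CWE-122, item 1) and on the stack for the SLP and privet handlers (CWE-121, items 2 and 3). The C program below is an added example written for this page; it is not Canon's firmware and is not derived from the ZDI advisories, which publish no code. Its [u16 big-endian length][bytes] wire format, the NAME_BUF size and every packet are constructed for the demonstration and do not describe the real protocols. It places the vulnerable pattern next to a hardened parser and a pure-arithmetic check that reports whether a given packet would overflow the unsafe handler, so hostile packets are never actually fed through the unsafe path.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed wire format, for illustration only (not SLP, privet or CADM):
 *   [u16 big-endian length][length bytes of name] */

#define NAME_BUF 32   /* fixed-size destination buffer */

struct msg {
    uint16_t len;
    const uint8_t *data;
};

/* Reads the header and checks the declared length against the bytes actually
 * received. Returns 0 on success, -1 on a short or truncated packet. */
static int parse_header(const uint8_t *pkt, size_t pktlen, struct msg *out)
{
    if (pktlen < 2)
        return -1;
    uint16_t n = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if ((size_t)n > pktlen - 2)
        return -1;                  /* declared length exceeds the packet: over-read */
    out->len = n;
    out->data = pkt + 2;
    return 0;
}

/* VULNERABLE shape (CWE-121): the attacker-chosen length drives memcpy into a
 * fixed stack array. Swap `char name[NAME_BUF]` for a malloc(NAME_BUF) block and
 * the same code is CWE-122. Reference pattern only: nothing in this file calls
 * it with a length that does not fit. */
static void handle_name_unsafe(const uint8_t *pkt, size_t pktlen)
{
    char name[NAME_BUF];
    struct msg m;
    if (parse_header(pkt, pktlen, &m) != 0)
        return;
    memcpy(name, m.data, m.len);    /* m.len is bounded by the packet, not by name */
    name[m.len] = '\0';             /* off by one even when m.len == NAME_BUF */
    printf("unsafe handler parsed name=%s\n", name);
}

/* Reports whether handle_name_unsafe would write past `name` for this packet:
 * the declared length plus the NUL must fit in NAME_BUF. Pure arithmetic, so
 * it is safe to call on hostile input. */
int would_overflow(const uint8_t *pkt, size_t pktlen)
{
    struct msg m;
    if (parse_header(pkt, pktlen, &m) != 0)
        return 0;                   /* rejected before any copy happens */
    return (size_t)m.len + 1 > NAME_BUF;
}

/* HARDENED: the copy is bounded by the destination size the caller passes,
 * oversized names are rejected instead of silently truncated, and room is kept
 * for the terminator. Returns the number of name bytes stored, or -1. */
int handle_name_safe(const uint8_t *pkt, size_t pktlen, char *name, size_t namesz)
{
    struct msg m;
    if (namesz == 0 || parse_header(pkt, pktlen, &m) != 0)
        return -1;
    if ((size_t)m.len >= namesz)
        return -1;                  /* would not fit together with the NUL */
    memcpy(name, m.data, m.len);
    name[m.len] = '\0';
    return (int)m.len;
}

/* Builds a constructed packet: a header declaring `declared` bytes followed by
 * `actual` bytes of `fill`. Returns the packet length, or 0 if buf is too small. */
size_t make_pkt(uint8_t *buf, size_t bufsz, uint16_t declared, size_t actual, char fill)
{
    if (bufsz < 2 + actual)
        return 0;
    buf[0] = (uint8_t)(declared >> 8);
    buf[1] = (uint8_t)(declared & 0xff);
    memset(buf + 2, (unsigned char)fill, actual);
    return 2 + actual;
}

int main(void)
{
    uint8_t pkt[256];
    char name[NAME_BUF];
    size_t n;

    n = make_pkt(pkt, sizeof pkt, 5, 5, 'p');       /* well formed, fits */
    printf("fits:      overflow=%d safe=%d\n", would_overflow(pkt, n),
           handle_name_safe(pkt, n, name, sizeof name));
    handle_name_unsafe(pkt, n);

    n = make_pkt(pkt, sizeof pkt, 200, 200, 'A');   /* oversized name */
    printf("oversized: overflow=%d safe=%d\n", would_overflow(pkt, n),
           handle_name_safe(pkt, n, name, sizeof name));

    n = make_pkt(pkt, sizeof pkt, 50, 10, 'B');     /* lies about its length */
    printf("truncated: overflow=%d safe=%d\n", would_overflow(pkt, n),
           handle_name_safe(pkt, n, name, sizeof name));
    return 0;
}
```

The two comparisons the unsafe handler lacks are the whole fix: the declared length is checked against the bytes actually received (otherwise a short packet yields an over-read), and against the destination size including the terminator (otherwise an over-write). Rejecting oversized input outright, rather than truncating it, also keeps a later parser stage from working on a name that no longer matches what the peer sent.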

Mitigation

Install the firmware update from the vendor's website (linked under External links below).

Vulnerable software versions

MF1127C: All versions

MF1238: All versions

MF445DW: All versions

MF448DW: All versions

MF449DW: All versions

MF543DW: All versions

MF632CDW: All versions

MF634CDW: All versions

MF641CW: All versions

MF642CDW: All versions

MF644CDW: All versions

MF731CDW: All versions

MF733CDW: All versions

MF735CDW: All versions

MF741CDW: All versions

MF743CDW: All versions

MF745CDW: All versions

MF746CDW: All versions

LBP1127C: All versions

LBP1238: All versions

LBP226DW: All versions

LBP227DW: All versions

LBP228DW: All versions

LBP612CDW: All versions

LBP622CDW: All versions

LBP623CDW: All versions

LBP654CDW: All versions

LBP664CDW: All versions

External links

http://www.zerodayinitiative.com/advisories/ZDI-22-516/
http://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/canon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow/!ut/p/z1/pVLLbsIwEPyWfoC1xnEccswDGighBRIgvlTGCakl8lBAUPr1DYhWQhHhUN_Wnt2ZHQ9wWAMvxFFl4qDKQuyaOubsw595fW_k4EkQvtnYGtjBQmOuhh0NVlcAfnAsDPyuf0gG2PLD5cTXRhqes1t_B4B38y8hdiH-mkRudWoNa6F5t9bxM7WNHaT2HT8DXonDJ1LFtoR1VavikNZ7WMtyV9ZoJ_Zp_VuoXGSpbK72KN8ySmVy6npaAb8XgeemgS3mMs-c2ng001uApU0bgOk6GhleFrkBOvaMG5-Mhz6R5lePKj1BVJR13oRgcZlYSZVAnKQ0TSQVSJcmRZQSiTYaNZHQe0Q3MGHJloLXZgiMHp7R9yDUiU78kP2TYfwsFqvBXyh4D6o8iooz4rHL5t63PUWvzqZ_zl5-AOW_2L4!/dz/d5/L2dBISEvZ0FBIS9nQSEh/?urile=wcm%3Apath%3A%2FCanon_NewWeb_Products%2Fproduct-advisories%2Fcanon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
