Risk | High |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2023-6229 CVE-2023-6230 CVE-2023-6231 CVE-2023-6232 CVE-2023-6233 CVE-2023-6234 CVE-2024-0244 |
CWE-ID | CWE-787 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
i-SENSYS X C1333P Hardware solutions / Office equipment, IP-phones, print servers i-SENSYS X C1333iF Hardware solutions / Office equipment, IP-phones, print servers i-SENSYS X C1333i Hardware solutions / Office equipment, IP-phones, print servers i-SENSYS MF754Cdw Hardware solutions / Office equipment, IP-phones, print servers i-SENSYS MF752Cdw Hardware solutions / Office equipment, IP-phones, print servers i-SENSYS LBP673Cdw Hardware solutions / Office equipment, IP-phones, print servers |
Vendor | Canon Europe |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU86177
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-6229
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in CPCA PDL Resource Download process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsi-SENSYS X C1333P: All versions
i-SENSYS X C1333iF: All versions
i-SENSYS X C1333i: All versions
i-SENSYS MF754Cdw: All versions
i-SENSYS MF752Cdw: All versions
i-SENSYS LBP673Cdw: All versions
CPE2.3http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86178
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-6230
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the Address Book password process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsi-SENSYS X C1333P: All versions
i-SENSYS X C1333iF: All versions
i-SENSYS X C1333i: All versions
i-SENSYS MF754Cdw: All versions
i-SENSYS MF752Cdw: All versions
i-SENSYS LBP673Cdw: All versions
CPE2.3http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86179
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-6231
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in WSD probe request process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsi-SENSYS X C1333P: All versions
i-SENSYS X C1333iF: All versions
i-SENSYS X C1333i: All versions
i-SENSYS MF754Cdw: All versions
i-SENSYS MF752Cdw: All versions
i-SENSYS LBP673Cdw: All versions
CPE2.3http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86180
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-6232
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the Address Book username process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsi-SENSYS X C1333P: All versions
i-SENSYS X C1333iF: All versions
i-SENSYS X C1333i: All versions
i-SENSYS MF754Cdw: All versions
i-SENSYS MF752Cdw: All versions
i-SENSYS LBP673Cdw: All versions
CPE2.3http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86181
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-6233
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in SLP attribute request process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsi-SENSYS X C1333P: All versions
i-SENSYS X C1333iF: All versions
i-SENSYS X C1333i: All versions
i-SENSYS MF754Cdw: All versions
i-SENSYS MF752Cdw: All versions
i-SENSYS LBP673Cdw: All versions
CPE2.3http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86182
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-6234
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in CPCA Color LUT Resource Download process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsi-SENSYS X C1333P: All versions
i-SENSYS X C1333iF: All versions
i-SENSYS X C1333i: All versions
i-SENSYS MF754Cdw: All versions
i-SENSYS MF752Cdw: All versions
i-SENSYS LBP673Cdw: All versions
CPE2.3http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86187
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-0244
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in CPCA PCFAX number process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsi-SENSYS X C1333P: All versions
i-SENSYS X C1333iF: All versions
i-SENSYS X C1333i: All versions
i-SENSYS MF754Cdw: All versions
i-SENSYS MF752Cdw: All versions
i-SENSYS LBP673Cdw: All versions
CPE2.3http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.