Multiple vulnerabilities in Canon Europe Small Office Multifunction Printers and Laser Printers



Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2023-6229
CVE-2023-6230
CVE-2023-6231
CVE-2023-6232
CVE-2023-6233
CVE-2023-6234
CVE-2024-0244
CWE-ID CWE-787
Exploitation vector Network
Public exploit N/A
Vulnerable software
i-SENSYS X C1333P
Hardware solutions / Office equipment, IP-phones, print servers

i-SENSYS X C1333iF
Hardware solutions / Office equipment, IP-phones, print servers

i-SENSYS X C1333i
Hardware solutions / Office equipment, IP-phones, print servers

i-SENSYS MF754Cdw
Hardware solutions / Office equipment, IP-phones, print servers

i-SENSYS MF752Cdw
Hardware solutions / Office equipment, IP-phones, print servers

i-SENSYS LBP673Cdw
Hardware solutions / Office equipment, IP-phones, print servers

Vendor Canon Europe

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU86177

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-6229

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in CPCA PDL Resource Download process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

i-SENSYS X C1333P: All versions

i-SENSYS X C1333iF: All versions

i-SENSYS X C1333i: All versions

i-SENSYS MF754Cdw: All versions

i-SENSYS MF752Cdw: All versions

i-SENSYS LBP673Cdw: All versions

CPE2.3 External links

http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU86178

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-6230

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the Address Book password process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

i-SENSYS X C1333P: All versions

i-SENSYS X C1333iF: All versions

i-SENSYS X C1333i: All versions

i-SENSYS MF754Cdw: All versions

i-SENSYS MF752Cdw: All versions

i-SENSYS LBP673Cdw: All versions

CPE2.3 External links

http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU86179

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-6231

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in WSD probe request process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

i-SENSYS X C1333P: All versions

i-SENSYS X C1333iF: All versions

i-SENSYS X C1333i: All versions

i-SENSYS MF754Cdw: All versions

i-SENSYS MF752Cdw: All versions

i-SENSYS LBP673Cdw: All versions

CPE2.3 External links

http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU86180

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-6232

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the Address Book username process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

i-SENSYS X C1333P: All versions

i-SENSYS X C1333iF: All versions

i-SENSYS X C1333i: All versions

i-SENSYS MF754Cdw: All versions

i-SENSYS MF752Cdw: All versions

i-SENSYS LBP673Cdw: All versions

CPE2.3 External links

http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU86181

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-6233

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in SLP attribute request process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

i-SENSYS X C1333P: All versions

i-SENSYS X C1333iF: All versions

i-SENSYS X C1333i: All versions

i-SENSYS MF754Cdw: All versions

i-SENSYS MF752Cdw: All versions

i-SENSYS LBP673Cdw: All versions

CPE2.3 External links

http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU86182

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-6234

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in CPCA Color LUT Resource Download process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

i-SENSYS X C1333P: All versions

i-SENSYS X C1333iF: All versions

i-SENSYS X C1333i: All versions

i-SENSYS MF754Cdw: All versions

i-SENSYS MF752Cdw: All versions

i-SENSYS LBP673Cdw: All versions

CPE2.3 External links

http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU86187

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-0244

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in CPCA PCFAX number process. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

i-SENSYS X C1333P: All versions

i-SENSYS X C1333iF: All versions

i-SENSYS X C1333i: All versions

i-SENSYS MF754Cdw: All versions

i-SENSYS MF752Cdw: All versions

i-SENSYS LBP673Cdw: All versions

CPE2.3 External links

http://www.canon-europe.com/support/product-security-latest-news/
http://canon.a.bigcontent.io/v1/static/CPE2024-001_SmallOfficeMultifunctionPrintersAndLaserPrinters_AffectedModels_20240126


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###