Stack-based buffer overflow in Canon U.S.A. Hardware solutions

#VU61484 Stack-based buffer overflow in Canon U.S.A. Hardware solutions

Published: 2022-03-21

Vulnerability identifier: #VU61484

Vulnerability risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24674

CWE-ID: CWE-121

Exploitation vector: Local network

Exploit availability: No

Vendor: Canon U.S.A.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the privet API. A remote unauthenticated attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MF1127C: All versions

MF1238: All versions

MF445DW: All versions

MF448DW: All versions

MF449DW: All versions

MF543DW: All versions

MF632CDW: All versions

MF634CDW: All versions

MF641CW: All versions

MF642CDW: All versions

MF644CDW: All versions

MF731CDW: All versions

MF733CDW: All versions

MF735CDW: All versions

MF741CDW: All versions

MF743CDW: All versions

MF745CDW: All versions

MF746CDW: All versions

LBP1127C: All versions

LBP1238: All versions

LBP226DW: All versions

LBP227DW: All versions

LBP228DW: All versions

LBP612CDW: All versions

LBP622CDW: All versions

LBP623CDW: All versions

LBP654CDW: All versions

LBP664CDW: All versions

External links
http://www.zerodayinitiative.com/advisories/ZDI-22-516/
http://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/canon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow/!ut/p/z1/pVLLbsIwEPyWfoC1xnEccswDGighBRIgvlTGCakl8lBAUPr1DYhWQhHhUN_Wnt2ZHQ9wWAMvxFFl4qDKQuyaOubsw595fW_k4EkQvtnYGtjBQmOuhh0NVlcAfnAsDPyuf0gG2PLD5cTXRhqes1t_B4B38y8hdiH-mkRudWoNa6F5t9bxM7WNHaT2HT8DXonDJ1LFtoR1VavikNZ7WMtyV9ZoJ_Zp_VuoXGSpbK72KN8ySmVy6npaAb8XgeemgS3mMs-c2ng001uApU0bgOk6GhleFrkBOvaMG5-Mhz6R5lePKj1BVJR13oRgcZlYSZVAnKQ0TSQVSJcmRZQSiTYaNZHQe0Q3MGHJloLXZgiMHp7R9yDUiU78kP2TYfwsFqvBXyh4D6o8iooz4rHL5t63PUWvzqZ_zl5-AOW_2L4!/dz/d5/L2dBISEvZ0FBIS9nQSEh/?urile=wcm%3Apath%3A%2FCanon_NewWeb_Products%2Fproduct-advisories%2Fcanon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Canon U.S.A. imageCLASS MF Series and imageCLASS LBP Series