#VU76469 Stack-based buffer overflow in Canon U.S.A. products


Vulnerability identifier: #VU76469

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0852

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
imageCLASS MF1127C
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF262DW II
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF264DW II
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF267DW II
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF269DW II
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF269DW VP II
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF272DW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF273DW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF275DW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF641CW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF642CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF644CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF741CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF743CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF745CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF746CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS LBP122DW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS LBP1127C
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS LBP622CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS LBP623CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS LBP664CDW
Hardware solutions / Office equipment, IP-phones, print servers
imagePROGRAF TC-20
Hardware solutions / Office equipment, IP-phones, print servers
imagePROGRAF TC-20M
Hardware solutions / Office equipment, IP-phones, print servers
PIXMA G3270
Hardware solutions / Office equipment, IP-phones, print servers
PIXMA G4270
Hardware solutions / Office equipment, IP-phones, print servers
MAXIFY GX3020
Hardware solutions / Office equipment, IP-phones, print servers
MAXIFY GX4020
Hardware solutions / Office equipment, IP-phones, print servers

Vendor: Canon U.S.A.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

imageCLASS MF1127C: All versions

imageCLASS MF262DW II: All versions

imageCLASS MF264DW II: All versions

imageCLASS MF267DW II: All versions

imageCLASS MF269DW II: All versions

imageCLASS MF269DW VP II: All versions

imageCLASS MF272DW: All versions

imageCLASS MF273DW: All versions

imageCLASS MF275DW: All versions

imageCLASS MF641CW: All versions

imageCLASS MF642CDW: All versions

imageCLASS MF644CDW: All versions

imageCLASS MF741CDW: All versions

imageCLASS MF743CDW: All versions

imageCLASS MF745CDW: All versions

imageCLASS MF746CDW: All versions

imageCLASS LBP122DW: All versions

imageCLASS LBP1127C: All versions

imageCLASS LBP622CDW: All versions

imageCLASS LBP623CDW: All versions

imageCLASS LBP664CDW: All versions

imagePROGRAF TC-20: All versions

imagePROGRAF TC-20M: All versions

PIXMA G3270: All versions

PIXMA G4270: All versions

MAXIFY GX3020: All versions

MAXIFY GX4020: All versions


External links
http://jvn.jp/en/vu/JVNVU94777298/index.html
http://psirt.canon/advisory-information/cp2023-001/
http://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediatio...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability