Vulnerability identifier: #VU76478
Vulnerability risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-284
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
imageCLASS MF1127C
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF262DW II
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF264DW II
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF267DW II
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF269DW II
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF269DW VP II
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF272DW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF273DW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF275DW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF641CW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF642CDW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF644CDW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF741CDW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF743CDW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF745CDW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS MF746CDW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS LBP122DW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS LBP1127C
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS LBP622CDW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS LBP623CDW
Hardware solutions /
Office equipment, IP-phones, print servers
imageCLASS LBP664CDW
Hardware solutions /
Office equipment, IP-phones, print servers
imagePROGRAF TC-20
Hardware solutions /
Office equipment, IP-phones, print servers
imagePROGRAF TC-20M
Hardware solutions /
Office equipment, IP-phones, print servers
PIXMA G3270
Hardware solutions /
Office equipment, IP-phones, print servers
PIXMA G4270
Hardware solutions /
Office equipment, IP-phones, print servers
MAXIFY GX3020
Hardware solutions /
Office equipment, IP-phones, print servers
MAXIFY GX4020
Hardware solutions /
Office equipment, IP-phones, print servers
Vendor: Canon U.S.A.
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the product.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
imageCLASS MF1127C: All versions
imageCLASS MF262DW II: All versions
imageCLASS MF264DW II: All versions
imageCLASS MF267DW II: All versions
imageCLASS MF269DW II: All versions
imageCLASS MF269DW VP II: All versions
imageCLASS MF272DW: All versions
imageCLASS MF273DW: All versions
imageCLASS MF275DW: All versions
imageCLASS MF641CW: All versions
imageCLASS MF642CDW: All versions
imageCLASS MF644CDW: All versions
imageCLASS MF741CDW: All versions
imageCLASS MF743CDW: All versions
imageCLASS MF745CDW: All versions
imageCLASS MF746CDW: All versions
imageCLASS LBP122DW: All versions
imageCLASS LBP1127C: All versions
imageCLASS LBP622CDW: All versions
imageCLASS LBP623CDW: All versions
imageCLASS LBP664CDW: All versions
imagePROGRAF TC-20: All versions
imagePROGRAF TC-20M: All versions
PIXMA G3270: All versions
PIXMA G4270: All versions
MAXIFY GX3020: All versions
MAXIFY GX4020: All versions
External links
http://jvn.jp/en/vu/JVNVU94777298/index.html
http://psirt.canon/advisory-information/cp2023-001/
http://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediatio...
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.