#VU76480 Input validation error in Canon U.S.A. products


Vulnerability identifier: #VU76480

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0859

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
imageCLASS MF1127C
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF262DW II
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF264DW II
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF267DW II
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF269DW II
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF269DW VP II
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF272DW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF273DW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF275DW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF641CW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF642CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF644CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF741CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF743CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF745CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS MF746CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS LBP122DW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS LBP1127C
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS LBP622CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS LBP623CDW
Hardware solutions / Office equipment, IP-phones, print servers
imageCLASS LBP664CDW
Hardware solutions / Office equipment, IP-phones, print servers
imagePROGRAF TC-20
Hardware solutions / Office equipment, IP-phones, print servers
imagePROGRAF TC-20M
Hardware solutions / Office equipment, IP-phones, print servers
PIXMA G3270
Hardware solutions / Office equipment, IP-phones, print servers
PIXMA G4270
Hardware solutions / Office equipment, IP-phones, print servers
MAXIFY GX3020
Hardware solutions / Office equipment, IP-phones, print servers
MAXIFY GX4020
Hardware solutions / Office equipment, IP-phones, print servers

Vendor: Canon U.S.A.

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote administrator can pass specially crafted input to the application and install an arbitrary file on the product.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

imageCLASS MF1127C: All versions

imageCLASS MF262DW II: All versions

imageCLASS MF264DW II: All versions

imageCLASS MF267DW II: All versions

imageCLASS MF269DW II: All versions

imageCLASS MF269DW VP II: All versions

imageCLASS MF272DW: All versions

imageCLASS MF273DW: All versions

imageCLASS MF275DW: All versions

imageCLASS MF641CW: All versions

imageCLASS MF642CDW: All versions

imageCLASS MF644CDW: All versions

imageCLASS MF741CDW: All versions

imageCLASS MF743CDW: All versions

imageCLASS MF745CDW: All versions

imageCLASS MF746CDW: All versions

imageCLASS LBP122DW: All versions

imageCLASS LBP1127C: All versions

imageCLASS LBP622CDW: All versions

imageCLASS LBP623CDW: All versions

imageCLASS LBP664CDW: All versions

imagePROGRAF TC-20: All versions

imagePROGRAF TC-20M: All versions

PIXMA G3270: All versions

PIXMA G4270: All versions

MAXIFY GX3020: All versions

MAXIFY GX4020: All versions


External links
http://jvn.jp/en/vu/JVNVU94777298/index.html
http://psirt.canon/advisory-information/cp2023-001/
http://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediatio...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability