Cross-site Scripting Vulnerability in Canon Laser Printers and Multifunctional Devices
CVE-2021-20877

4.8MEDIUM

Key Information:

Vendor

Canon

Status
Canon Laser Printers And Small Office Multifunctional Printers
Vendor
CVE Published:
8 February 2022

What is CVE-2021-20877?

A cross-site scripting vulnerability exists in several Canon laser printers and multifunctional devices that could allow remote attackers to inject arbitrary scripts. This could result in unauthorized actions being executed within the context of the user’s session, potentially compromising sensitive information and system integrity. The affected models primarily include various imageCLASS and iSENSYS printers sold in different regions, necessitating prompt attention from users and IT administrators to mitigate the risks.

Affected Version(s)

Canon laser printers and small office multifunctional printers LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series(MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series(LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS(LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER(2206IF, 2204N, and 2204F) sold in Europe

References

https://cweb.canon.jp/e-support/info/211221xss.html
x_refsource_MISC
https://www.usa.canon.com/internet/portal/us/home/support...
x_refsource_MISC
https://www.canon-europe.com/support/product-security-lat...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.