Unauthorized Access Risk in Canon Multifunction Printers and Laser Printers
CVE-2023-0857

5.9 MEDIUM

Summary

This vulnerability involves an unintentional change of settings during the initial registration of system administrators on affected Canon multifunction and laser printers. Attackers within the same network segment may exploit this flaw to gain unauthorized access, potentially compromising sensitive data. The affected devices include various models of Satera, Color imageCLASS, and i-SENSYS printers sold across different regions, all using firmware version 11.04 and earlier. Users are advised to update their printer firmware to mitigate this risk.

Affected Version(s)

Canon Office/Small Office Multifunction Printers and Laser Printers:

  • Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan.

  • Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US.

  • i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved