Improper Authentication in Canon Multifunction Printers and Laser Printers
CVE-2023-0858

3.1 LOW

Summary

This vulnerability affects specific models of Canon multifunction and laser printers, where improper authentication of the RemoteUI allows attackers within the same network segment to gain unauthorized access. This could lead to various security risks, making firmware updates essential for affected models, including Satera and imageCLASS series sold in different regions. Users are strongly encouraged to apply the latest firmware updates to secure their devices.

Affected Version(s)

Canon Office/Small Office Multifunction Printers and Laser Printers:

  • Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan.

  • Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US.

  • i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
