File Manipulation Risk in Canon Multifunction Printers and Laser Printers
CVE-2023-0859

2.2LOW

Key Information:

Vendor: Canon Inc.
Status: Canon Office/small Office Multifunction Printers And Laser Printers
Vendor: CVE Published:; 11 May 2023

Summary

A vulnerability has been identified in Canon's multifunction and laser printers, where malicious actors could exploit the Settings Data Import function to install arbitrary files. This vulnerability affects multiple product lines, including the Satera, imageCLASS, and i-SENSYS series, with specific firmware versions that were sold in Japan, the US, and Europe. If left unaddressed, these vulnerabilities pose a significant risk to user data and device integrity, necessitating immediate attention and remediation.

Affected Version(s)

Canon Office/Small Office Multifunction Printers and Laser Printers Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

References

https://www.canon-europe.com/support/product-security-lat...

https://psirt.canon/advisory-information/cp2023-001/

https://canon.jp/support/support-info/230414vulnerability...

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2023
Vulnerability Reserved
Feb 16, 2023