Sensitive Information Disclosure in Canon IJ Network Tool for macOS
CVE-2023-1764

6.5MEDIUM

Key Information:

Vendor: Canon Inc.
Status: Canon Ij Nw Tool
Vendor: CVE Published:; 17 May 2023

Summary

The Canon IJ Network Tool, versions 4.7.5 and earlier, supports various macOS versions and contains a vulnerability that allows attackers to access sensitive information regarding the Wi-Fi connection setup of connected printers. This security flaw arises from insecure communications within the software, enabling unauthorized users to potentially intercept vital configuration details.

Affected Version(s)

Canon IJ NW Tool Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8)

References

https://psirt.canon/advisory-information/cp2023-002/

https://psirt.canon/hardening/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2023
Vulnerability Reserved
Mar 31, 2023