CP2023-001 Vulnerabilities Mitigation/Remediation for Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers

April 14, 2023
Canon Inc.
 
 
Multiple vulnerabilities were found in certain Office/Small Office Multifunction Printers, Laser Printers and Inkjet Printers.
If a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker may be able to execute arbitrary code and/or target the product in a Denial-of-Service (DoS) attack over the Internet. An attacker may also be able to install arbitrary files due to improper authentication of RemoteUI.
 
<Buffer Overflow>
CVE-2023-0851
CVE-2023-0852
CVE-2023-0853
CVE-2023-0854
CVE-2023-0855
CVE-2023-0856
CVE-2022-43974
 
<Problems during Initial Registration of System Administrators in Control Protocols>
CVE-2023-0857

<Improper Authentication of RemoteUI>
CVE-2023-0858

<Installation of Arbitrary Files>
CVE-2023-0859
 
It is recommended to set a private IP address for the products and to create a network environment with a firewall or wired/Wi-Fi router that can restrict network access. Please refer here. Firmware designed to address these issues will be uploaded to the websites of your local Canon sales representatives accordingly. Please update the firmware to the latest released version.
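
The private-address recommendation above can be checked against a printer inventory. The following is an added example, not Canon's code: it flags every device whose configured address is outside the RFC 1918 and IPv6 unique-local ranges. The inventory format, host names and addresses are constructed for illustration.

```python
import csv
import io
import ipaddress

# "Private" for this check: RFC 1918 (IPv4) and RFC 4193 unique-local (IPv6).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Self-assigned addresses: not Internet-routable, but usually a sign of failed DHCP.
LINK_LOCAL_NETS = [ipaddress.ip_network(n) for n in ("169.254.0.0/16", "fe80::/10")]


def classify(address):
    """Return 'private', 'link-local', 'not-private' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        return "invalid"
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is judged by its IPv4 part.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    if any(ip in net for net in LINK_LOCAL_NETS):
        return "link-local"
    return "not-private"


def audit(inventory_csv):
    """Return (host, address, status) for each row not on a private address."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    checked = [(r["host"], r["address"], classify(r["address"])) for r in rows]
    return [c for c in checked if c[2] != "private"]


# Constructed inventory. 203.0.113.0/24 and 2001:db8::/32 are documentation
# ranges standing in for publicly routable addresses.
SAMPLE_INVENTORY = """host,address
mfp-lobby,192.168.10.25
lbp-finance,172.31.255.4
inkjet-branch,203.0.113.40
mfp-annex,172.32.0.9
mfp-v6,2001:db8::25
lbp-ula,fd12:3456:789a::5
mfp-nodhcp,169.254.7.1
bad-row,printer.local
"""

if __name__ == "__main__":
    for host, address, status in audit(SAMPLE_INVENTORY):
        print(f"{host:14} {address:20} {status}")
```

A private address by itself does not show that a device is unreachable from the Internet: a port-forwarding rule on the router still exposes it, so the firewall or router rule set needs its own review.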