CP2023-001 Vulnerabilities Mitigation/Remediation for Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers

 

 

Multiple vulnerabilities were found for certain Office/Small Office Multifunction Printers, Laser Printers and Inkjet Printers.

These vulnerabilities indicate the possibility that if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker via the Internet may be able to execute arbitrary code and/or may be able to target the product in a Denial-of-Service (DoS) attack. An attacker may also be able to install arbitrary files due to improper authentication of RemoteUI.

 

<Buffer Overflow>

CVE-2023-0851

CVE-2023-0852

CVE-2023-0853

CVE-2023-0854

CVE-2023-0855

CVE-2023-0856

CVE-2022-43974

 

<Problems during Initial Registration of System Administrators in Control Protocols>

CVE-2023-0857

<Improper Authentication of RemoteUI>

CVE-2023-0858

<Installation of Arbitrary Files>

CVE-2023-0859

 

It is recommended to set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access, please refer here. Firmware designed to address these issues will be uploaded on websites of your local Canon sales representatives accordingly. Please be advised to update the firmware to the latest released version.