CP2023-002 Vulnerabilities of IJ Network Tool regarding Wi-Fi connection setup
May 10, 2023
Canon Inc.
Description
A couple of vulnerabilities have been identified for IJ Network Tool (Hereafter, the Software). These vulnerabilities suggest the possibility that an attacker connected to the same network as the printer may be able to acquire sensitive information on the Wi-Fi connection setup of the printer by using the Software or by referring to its communication.
Affected Products/Versions
IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13)
IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8)
CVE/CVSS
CVE-2023-1763: | Acquisition of sensitive information on the Wi-Fi connection setup of the printer from the Software |
CVSS v3 CVSS: 3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5 | |
CVE-2023-1764: | Acquisition of sensitive information on the Wi-Fi connection setup of the printer from the communication of the Software |
CVSS v3 CVSS: 3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5 |
Mitigation/Remediation
For CVE-2023-1763:
The workaround for this vulnerability is to use printers with a trusted network connection. Please refer here for “Securing products when connecting to a network”. In addition, the Software designed to address this issue will be released accordingly.
For CVE-2023-1764:
The workaround for this vulnerability is to use printers with a trusted network connection. Please refer here for “Securing products when connecting to a network”.