Canon PSIRT Logo

Regarding the results of our investigation into vulnerabilities in products equipped with fax functions

Regarding the results of our investigation into vulnerabilities in products equipped with fax functions

August 30, 2018
Canon Inc.
 
 
Recently, researchers reported on vulnerabilities found in the communication protocols in the fax functions of certain products. (CVE-ID: CVE-2018-5924, CVE 2018-5925)
 
For information regarding the impact of these vulnerabilities on Canon products equipped with fax functions, please see below:
 
Based on our review, as they do not employ the color G3 Fax Protocol exploited by these vulnerabilities, the following products are unaffected:
imageRUNNER/iR, imageRUNNER ADVANCE, LASER CLASS, imagePRESS, FAXPHONE, GP and imageCLASS/i-SENSYS series models equipped with fax functions.
 
MAXIFY and PIXMA series products equipped with fax functions do make use of the color G3 Fax Protocol. However, we have not identified any risk of malicious code being executed via the fax circuit or risk to the security of information saved on these devices.
 
We will continue to monitor this situation and take appropriate action necessary to help ensure the security of our devices.