PT-2020-12275 · Canon · Canon Oce Colorwave 500

Published

2020-03-19

Updated

2020-03-24

CVE-2020-10669

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Canon Oce Colorwave 500 version 4.0.0.0

Description The web application exposed by the Canon Oce Colorwave 500 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users.

Recommendations For version 4.0.0.0, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the /home.jsp page until the update is applied.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-10669

Affected Products

Canon Oce Colorwave 500

PT-2020-12275 · Canon · Canon Oce Colorwave 500

CVE-2020-10669

Weakness Enumeration

Related Identifiers

Affected Products

References · 6