PT-2020-12277 · Canon · Canon Oce Colorwave 500

Published: 2020-03-19 · Updated: 2020-03-23 · CVE-2020-10671

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Canon Oce Colorwave 500 versions prior to the latest version

Description

The Canon Oce Colorwave 500 printer's web application lacks CSRF protections, allowing an attacker to perform administrative actions by targeting a logged-in administrative user. This is a system-wide issue.

Recommendations

For versions prior to the latest version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the web application to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2020-10671

Affected Products

Canon Oce Colorwave 500