PT-2021-23851 · Canon · Canon Lbp223

Published

2021-12-06

Updated

2021-12-07

CVE-2021-43471

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Canon LBP223 printers (affected versions not specified)

Description The System Manager Mode login in Canon LBP223 printers does not require an account password or PIN, allowing an attacker to remotely shut down the device after entering the background. This creates a denial of service issue.

Recommendations For Canon LBP223 printers, consider disabling remote access to the System Manager Mode until a patch is available. Restrict access to the System Manager Mode to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-521

Related Identifiers

CVE-2021-43471

Affected Products

Canon Lbp223

PT-2021-23851 · Canon · Canon Lbp223

CVE-2021-43471

Weakness Enumeration

Related Identifiers

Affected Products

References · 3