PT-2023-16565 · Canon · Canon Satera Mf640C Series+13
Alex Rubin
+1
·
Published
2023-05-11
·
Updated
2023-05-30
·
CVE-2023-0858
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Canon Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series versions 11.04 and earlier
Canon Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C versions 11.04 and earlier
Canon i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series/C1127P/C1127iF/C1127i versions 11.04 and earlier
Description
The issue is related to improper authentication of the RemoteUI in certain Canon office and small office multifunction printers and laser printers. This may allow an attacker on the network segment to trigger unauthorized access to the product.
Recommendations
For Canon Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series versions 11.04 and earlier, update the firmware to a version later than 11.04.
For Canon Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C versions 11.04 and earlier, update the firmware to a version later than 11.04.
For Canon i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series/C1127P/C1127iF/C1127i versions 11.04 and earlier, update the firmware to a version later than 11.04.
As a temporary workaround, consider restricting access to the RemoteUI until a patch is available.
Fix
Improper Authentication
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Color Imageclass Lbp620C Series
Color Imageclass Lbp660C Series
Color Imageclass Mf640C Series
Color Imageclass Mf740C Series
Canon Color Imageclass X Lbp1127C
Canon Satera Lbp620C Series
Canon Satera Lbp660C Series
Canon Satera Mf640C Series
Canon Satera Mf740C Series
Canon I-Sensys C1127I
Canon I-Sensys Lbp620C Series
Canon I-Sensys Lbp660C Series
Canon I-Sensys Mf640C Series
Canon I-Sensys Mf740C Series