PT-2023-7443 · Canon · Color imageCLASS LBP660C Series +17

Published: 2023-05-04 · Updated: 2023-09-12 · CVE-2023-0852

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Canon imageCLASS, imageCLASS MF, imageCLASS LBP, imagePROGRAF, PIXMA, MAXIFY versions prior to firmware Ver.11.04
Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier
Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier
i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier

Description

The issue is a buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers. It may allow an attacker on the network segment to cause the affected product to become unresponsive or to execute arbitrary code. This can be exploited remotely.

Recommendations

For Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, update to firmware Ver.11.05 or later.
For Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C, update to firmware Ver.11.05 or later.
For i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i, update to firmware Ver.11.05 or later.
As a temporary workaround, consider disabling the Address Book of Mobile Device function until a patch is available.
Restrict access to the network segment to minimize the risk of exploitation.

Fix

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-08482
CVE-2023-0852
ZDI-23-552
ZDI-23-711

Affected Products

C1127P
C1127iF
Canon imageCLASS
Color imageCLASS LBP620C Series
Color imageCLASS LBP660C Series
Color imageCLASS MF640C Series
Color imageCLASS MF740C Series
MAXIFY
PIXMA
X LBP1127C
X MF1127C
i-SENSYS LBP620C Series
i-SENSYS LBP660C Series
i-SENSYS MF640C Series
i-SENSYS MF740C Series
imageCLASS LBP
imageCLASS MF
imagePROGRAF