PT-2023-7445 · Canon · i-SENSYS C1127i +10
Published: 2023-05-04 · Updated: 2023-09-12 · CVE-2023-0853
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Canon imageCLASS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware versions prior to Ver.11.05
Canon imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware versions prior to Ver.11.05
i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware versions prior to Ver.11.05
Description
A buffer overflow in the mDNS NSEC record registering process of Canon Office and Small Office Multifunction Printers and Laser Printers may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. The issue is a stack-based buffer overflow.
Recommendations
For Canon imageCLASS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware versions prior to Ver.11.05, update to a version later than Ver.11.04.
For Canon imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware versions prior to Ver.11.05, update to a version later than Ver.11.04.
For i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware versions prior to Ver.11.05, update to a version later than Ver.11.04.
As a temporary workaround, consider restricting access to the mDNS service until a patch is available.
Fix
Memory Corruption
Stack Overflow
Related Identifiers
Affected Products
Canon X LBP1127C
Canon X MF1127C
Canon imageCLASS LBP620C Series
Canon imageCLASS LBP660C Series
Canon imageCLASS MF640C Series
Canon imageCLASS MF740C Series
i-SENSYS C1127i
i-SENSYS LBP620C Series
i-SENSYS LBP660C Series
i-SENSYS MF640C Series
i-SENSYS MF740C Series