PT-2023-7449 · Canon · I-Sensys C1127I+15

Published: 2023-05-04 · Updated: 2023-09-12 · CVE-2023-0854

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Canon imageCLASS series versions prior to firmware Ver.11.04
Canon imageCLASS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier
Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier
i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier

Description

The issue is a buffer overflow in the NetBIOS QNAME registering and communication process of Canon printers, which may allow an attacker on the network segment to cause the affected product to become unresponsive or to execute arbitrary code. It is associated with the cmNetBiosParseName function.

Recommendations

For Canon imageCLASS series versions prior to firmware Ver.11.04, update the firmware to a version later than Ver.11.04.
For Canon imageCLASS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, update the firmware to a version later than Ver.11.04.
For Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C, update the firmware to a version later than Ver.11.04.
For i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i, update the firmware to a version later than Ver.11.04.

As a temporary workaround, consider restricting access to the cmNetBiosParseName function until a patch is available.

Fix

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-08490
CVE-2023-0854
ZDI-23-554

Affected Products

Canon Imageclass Lbp620C Series
Canon Imageclass Lbp660C Series
Canon Imageclass Mf640C Series
Canon Imageclass Mf740C Series
Canon Imageclass Series
Color Imageclass Lbp620C Series
Color Imageclass Lbp660C Series
Color Imageclass Mf640C Series
Color Imageclass Mf740C Series
Color Imageclass X Lbp1127C
Color Imageclass X Mf1127C
I-Sensys C1127I
I-Sensys Lbp620C Series
I-Sensys Lbp660C Series
I-Sensys Mf640C Series
I-Sensys Mf740C Series