CVE-2023-6234

2024-02-0600:23:28

CWE-787

Canon

www.cve.org

buffer overflow

cpca color lut

resource download

office multifunction printers

laser printers

network attacker

unresponsiveness

arbitrary code.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.1%

JSON

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Satera LBP670C Series",
    "vendor": "Canon Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "03.07 and earlier"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Satera MF750C Series",
    "vendor": "Canon Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "03.07 and earlier"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Color imageCLASS LBP674C",
    "vendor": "Canon Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "03.07 and earlier"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Color imageCLASS X LBP1333C",
    "vendor": "Canon Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "03.07 and earlier"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Color imageCLASS MF750C Series",
    "vendor": "Canon Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "03.07 and earlier"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Color imageCLASS X MF1333C Series",
    "vendor": "Canon Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "03.07 and earlier"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "i-SENSYS LBP673Cdw",
    "vendor": "Canon Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "03.07 and earlier"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C1333P",
    "vendor": "Canon Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "03.07 and earlier"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "i-SENSYS MF750C Series",
    "vendor": "Canon Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "03.07 and earlier"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "C1333i Series",
    "vendor": "Canon Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "03.07 and earlier"
      }
    ]
  }
]

References

canon.jp/support/support-info/240205vulnerability-response

psirt.canon/advisory-information/cp2024-001/

www.canon-europe.com/support/product-security-latest-news/

www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers