CVE-2020-16849
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
55.1%
An issue was discovered on Canon MF237w 06.07 devices. An “Improper Handling of Length Parameter Inconsistency” issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canon | mf237w | - | cpe:2.3:h:canon:mf237w:-:*:*:*:*:*:*:* |
| canon | mf237w_firmware | 06.07 | cpe:2.3:o:canon:mf237w_firmware:06.07:*:*:*:*:*:*:* |
| canon | mf113w | - | cpe:2.3:h:canon:mf113w:-:*:*:*:*:*:*:* |
| canon | mf113w_firmware | - | cpe:2.3:o:canon:mf113w_firmware:-:*:*:*:*:*:*:* |
| canon | mf212w | - | cpe:2.3:h:canon:mf212w:-:*:*:*:*:*:*:* |
| canon | mf212w_firmware | - | cpe:2.3:o:canon:mf212w_firmware:-:*:*:*:*:*:*:* |
| canon | mf216n | - | cpe:2.3:h:canon:mf216n:-:*:*:*:*:*:*:* |
| canon | mf216n_firmware | - | cpe:2.3:o:canon:mf216n_firmware:-:*:*:*:*:*:*:* |
| canon | mf217w | - | cpe:2.3:h:canon:mf217w:-:*:*:*:*:*:*:* |
| canon | mf217w_firmware | - | cpe:2.3:o:canon:mf217w_firmware:-:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
55.1%