Lucene search

[email protected]NVD:CVE-2022-24673

HistoryMar 28, 2023 - 7:15 p.m.

CVE-2022-24673

2023-03-2819:15:10

CWE-121

CWE-787

[email protected]

web.nvd.nist.gov

vulnerability

remote attackers

canon imageclass mf644cdw

slp protocol

code execution

root access

zdi-can-15845

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.016 Low

EPSS

Percentile

87.2%

JSON

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

Affected configurations

NVD

Node

canond1620_firmwareMatch-

AND

canond1620Match-

Node

canond1650_firmwareMatch-

AND

canond1650Match-

Node

canond1520_firmwareMatch-

AND

canond1520Match-

Node

canond1550_firmwareMatch-

AND

canond1550Match-

Node

canonmf1127c_firmwareMatch-

AND

canonmf1127cMatch-

Node

canonmf1238_firmwareMatch-

AND

canonmf1238Match-

Node

canonmf1238_ii_firmwareMatch-

AND

canonmf1238_iiMatch-

Node

canonmf1643i_ii_firmwareMatch-

AND

canonmf1643i_iiMatch-

Node

canonmf1643if_ii_firmwareMatch-

AND

canonmf1643if_iiMatch-

Node

canonmf414dw_firmwareMatch-

AND

canonmf414dwMatch-

Node

canonmf416dw_firmwareMatch-

AND

canonmf416dwMatch-

Node

canonmf419dw_firmwareMatch-

AND

canonmf419dwMatch-

Node

canonmf515dw_firmwareMatch-

AND

canonmf515dwMatch-

Node

canonmf424dw_firmwareMatch-

AND

canonmf424dwMatch-

Node

canonmf426dw_firmwareMatch-

AND

canonmf426dwMatch-

Node

canonmf429dw_firmwareMatch-

AND

canonmf429dwMatch-

Node

canonmf525dw_firmwareMatch-

AND

canonmf525dwMatch-

Node

canonmf445dw_firmwareMatch-

AND

canonmf445dwMatch-

Node

canonmf448dw_firmwareMatch-

AND

canonmf448dwMatch-

Node

canonmf449dw_firmwareMatch-

AND

canonmf449dwMatch-

Node

canonmf543dw_firmwareMatch-

AND

canonmf543dwMatch-

Node

canonmf451dw_firmwareMatch-

AND

canonmf451dwMatch-

Node

canonmf452dw_firmwareMatch-

AND

canonmf452dwMatch-

Node

canonmf453dw_firmwareMatch-

AND

canonmf453dwMatch-

Node

canonmf455dw_firmwareMatch-

AND

canonmf455dwMatch-

Node

canonmf6160dw_firmwareMatch-

AND

canonmf6160dwMatch-

Node

canonmf6180dw_firmwareMatch-

AND

canonmf6180dwMatch-

Node

canonmf624cdw_firmwareMatch-

AND

canonmf624cdwMatch-

Node

canonmf628cdw_firmwareMatch-

AND

canonmf628cdwMatch-

Node

canonmf632cdw_firmwareMatch-

AND

canonmf632cdwMatch-

Node

canonmf634cdw_firmwareMatch-

AND

canonmf634cdwMatch-

Node

canonmf641cw_firmwareMatch-

AND

canonmf641cwMatch-

Node

canonmf642cdw_firmwareMatch-

AND

canonmf642cdwMatch-

Node

canonmf644cdw_firmwareMatch-

AND

canonmf644cdwMatch-

Node

canonmf726cdw_firmwareMatch-

AND

canonmf726cdwMatch-

Node

canonmf729cdw_firmwareMatch-

AND

canonmf729cdwMatch-

Node

canonmf731cdw_firmwareMatch-

AND

canonmf731cdwMatch-

Node

canonmf733cdw_firmwareMatch-

AND

canonmf733cdwMatch-

Node

canonmf735cdw_firmwareMatch-

AND

canonmf735cdwMatch-

Node

canonmf741cdw_firmwareMatch-

AND

canonmf741cdwMatch-

Node

canonmf743cdw_firmwareMatch-

AND

canonmf743cdwMatch-

Node

canonmf745cdw_firmwareMatch-

AND

canonmf745cdwMatch-

Node

canonmf746cdw_firmwareMatch-

AND

canonmf746cdwMatch-

Node

canonmf810cdn_firmwareMatch-

AND

canonmf810cdnMatch-

Node

canonmf820cdn_firmwareMatch-

AND

canonmf820cdnMatch-

Node

canonmf8280cw_firmwareMatch-

AND

canonmf8280cwMatch-

Node

canonmf8580cdw_firmwareMatch-

AND

canonmf8580cdwMatch-

Node

canonlbp1127c_firmwareMatch-

AND

canonlbp1127cMatch-

Node

canonlbp1238_firmwareMatch-

AND

canonlbp1238Match-

Node

canonlbp1238_ii_firmwareMatch-

AND

canonlbp1238_iiMatch-

Node

canonlbp214dw_firmwareMatch-

AND

canonlbp214dwMatch-

Node

canonlbp215dw_firmwareMatch-

AND

canonlbp215dwMatch-

Node

canonlbp226dw_firmwareMatch-

AND

canonlbp226dwMatch-

Node

canonlbp227dw_firmwareMatch-

AND

canonlbp227dwMatch-

Node

canonlbp228dw_firmwareMatch-

AND

canonlbp228dwMatch-

Node

canonlbp236dw_firmwareMatch-

AND

canonlbp236dwMatch-

Node

canonlbp237dw_firmwareMatch-

AND

canonlbp237dwMatch-

Node

canonlbp251dw_firmwareMatch-

AND

canonlbp251dwMatch-

Node

canonlbp253dw_firmwareMatch-

AND

canonlbp253dwMatch-

Node

canonlbp612cdw_firmwareMatch-

AND

canonlbp612cdwMatch-

Node

canonlbp622cdw_firmwareMatch-

AND

canonlbp622cdwMatch-

Node

canonlbp623cdw_firmwareMatch-

AND

canonlbp623cdwMatch-

Node

canonlbp654cdw_firmwareMatch-

AND

canonlbp654cdwMatch-

Node

canonlbp664cdw_firmwareMatch-

AND

canonlbp664cdwMatch-

Node

canonir1435i_firmwareMatch-

AND

canonir1435iMatch-

Node

canon1435if_firmwareMatch-

AND

canon1435ifMatch-

Node

canon1435p_firmwareMatch-

AND

canon1435pMatch-

Node

canon1435i\+_firmwareMatch-

AND

canon1435i\+Match-

Node

canon1435if\+_firmwareMatch-

AND

canon1435if\+Match-

Node

canon1435p\+_firmwareMatch-

AND

canon1435p\+Match-

Node

canonir1643i_firmwareMatch-

AND

canonir1643iMatch-

Node

canonir1643if_firmwareMatch-

AND

canonir1643ifMatch-

Node

canonwg7240_firmwareMatch-

AND

canonwg7240Match-

Node

canonwg7250_firmwareMatch-

AND

canonwg7250Match-

Node

canonwg7250f_firmwareMatch-

AND

canonwg7250fMatch-

Node

canonwg7250z_firmwareMatch-

AND

canonwg7250zMatch-

References

www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow

www.zerodayinitiative.com/advisories/ZDI-22-515/