JVNDB-2008-000013

FTP bounce vulnerability in multiple Canon digital multifunction copiers and laser beam printers

Overview

Multiple Canon digital multifunction copiers and laser beam printers contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server.

The Canon Color imageRUNNER Series, imageRUNNER Series, imagePRESS Series, and laser beam printer series are digital multifunction copiers and printers. Some of these products contain a vulnerability that could allow a remote attacker to access other network devices via a built-in FTP server.

CVSS Severity

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

Canon
  • imageRUNNER and other devices

Impact

A remote attacker could use the FTP server of vulnerable products to conduct port scans against other network devices.
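
As an added illustration (not part of the advisory and not vendor code), the following shows how a defender could flag FTP bounce activity in control-channel records: it parses each FTP PORT command and checks whether the requested data-connection address differs from the client that sent it. The record format, function names and sample addresses are assumptions constructed for this example.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (address octets, then port high/low byte)
PORT_RE = re.compile(r"^PORT\s+" + r",".join([r"(\d{1,3})"] * 6) + r"\s*$", re.I)

def parse_port(command):
    """Return (IPv4Address, port) from a PORT command, or None if malformed."""
    m = PORT_RE.match(command.strip())
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, octets[:4])))
    return ip, octets[4] * 256 + octets[5]

def check_port(client_ip, command):
    """Classify a PORT command received on a control connection from client_ip."""
    parsed = parse_port(command)
    if parsed is None:
        return "malformed"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(client_ip):
        return "third-party-address"  # data connection aimed at another host
    if port < 1024:
        return "privileged-port"      # RFC 2577 advises refusing ports below 1024
    return "ok"

def bounce_suspects(events, min_targets=3):
    """Clients whose PORT commands named >= min_targets distinct foreign endpoints."""
    targets = {}
    for client_ip, command in events:
        if check_port(client_ip, command) == "third-party-address":
            targets.setdefault(client_ip, set()).add(parse_port(command))
    return sorted(c for c, t in targets.items() if len(t) >= min_targets)

# Constructed sample records: (control-connection source, command), RFC 5737 addresses
SAMPLE = [
    ("192.0.2.10", "PORT 192,0,2,10,195,80"),
    ("192.0.2.66", "PORT 198,51,100,5,0,22"),
    ("192.0.2.66", "PORT 198,51,100,5,0,80"),
    ("192.0.2.66", "PORT 198,51,100,5,1,187"),
    ("192.0.2.10", "PORT 192,0,2,10,0,21"),
]

if __name__ == "__main__":
    for src, cmd in SAMPLE:
        print(src, cmd, "->", check_port(src, cmd))
    print("suspects:", bounce_suspects(SAMPLE))
```

The same address comparison is what an FTP server performs when it is configured to refuse PORT commands that name a host other than the connected client.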

Solution

[Change the Setting]

Change the setting according to the information provided by the vendor. For more information, refer to the vendor's website.

Vendor Information

Canon

CWE

  1. No Mapping(CWE-DesignError) [NVD Evaluation]

CVE

  1. CVE-2008-0303

References

  1. JVN : JVN#10056705
  2. National Vulnerability Database (NVD) : CVE-2008-0303
  3. US-CERT Vulnerability Note : VU#568073
  4. SecurityFocus : 28042
  5. SecurityTracker : 1019528

Revision History

  • [2008/05/21]
      Web page published