|
[Japanese]
|
JVNDB-2024-002050
|
Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers
|
|
Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities (CWE-787, CVE-2023-6229, CVE-2023-6230, CVE-2023-6231, CVE-2023-6232, CVE-2023-6233, CVE-2023-6234, CVE-2024-0244).
Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
|
|
CVSS V3 Severity:
Base Metrics 9.8 (Critical) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
|
Canon
|
A wide range of products and versions are affected.
For more information, refer to "Vendor Status" section below.
|
|
A remote attacker may execute an arbitrary code and/or cause a denial-of-service (DoS) condition.
|
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
[Apply the Workaround]
Apply the following workarounds to prevent access from untrusted entities.
* Use the product in an environment protected by a firewall, etc.
* Use the product with a private IP address
|
|
Canon
|
|
- Out-of-bounds Write(CWE-787) [Other]
|
|
- CVE-2023-6229
- CVE-2023-6230
- CVE-2023-6231
- CVE-2023-6232
- CVE-2023-6233
- CVE-2023-6234
- CVE-2024-0244
|
|
- JVN : JVNVU#90033405
- National Vulnerability Database (NVD) : CVE-2023-6229
- National Vulnerability Database (NVD) : CVE-2023-6230
- National Vulnerability Database (NVD) : CVE-2023-6231
- National Vulnerability Database (NVD) : CVE-2023-6232
- National Vulnerability Database (NVD) : CVE-2023-6233
- National Vulnerability Database (NVD) : CVE-2023-6234
- National Vulnerability Database (NVD) : CVE-2024-0244
|
|
- [2024/02/07]
Web page was published
- [2024/03/08]
References : Contents were added
|
