[Japanese] | |
JVNDB-2025-005467 | |
Passback vulnerabilities in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers | |
Overview | |
Production Printers, Office/Small Office Multifunction Printers, and Laser Printers provided by Canon Inc. do not implement sufficient protection on credential information (CWE-522). | |
CVSS Severity (What is CVSS?) | |
CVSS V3 Severity:
Base Metrics 8.7 (High) [Other]
| |
Affected Products | |
A wide range of products and versions are affected. For more information, refer to "Vendor Status" section below. | |
Canon | |
| |
Impact | |
When an affected device is configured to communicate with an external system (e.g., SMTP server or LDAP server), an administrative user may obtain the credential information of that external system by directing the device to send the credential information in plain text form. | |
Solution | |
[Apply the Workaround] | |
Vendor Information | |
Canon | |
CWE (What is CWE?) | |
| |
CVE (What is CVE?) | |
| |
References | |
| |
Revision History | |
|
Date Public | 2025/05/21 |
Date First Published | 2025/05/22 |
Date Last Updated | 2025/05/22 |