#VU76472 Stack-based buffer overflow in Canon U.S.A. products - CVE-2023-0856
Published: May 24, 2023
Vulnerability identifier: #VU76472
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-0856
CWE-ID: CWE-121
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
imageCLASS MF1127C
imageCLASS MF262DW II
imageCLASS MF264DW II
imageCLASS MF267DW II
imageCLASS MF269DW II
imageCLASS MF269DW VP II
imageCLASS MF272DW
imageCLASS MF273DW
imageCLASS MF275DW
imageCLASS MF641CW
imageCLASS MF642CDW
imageCLASS MF644CDW
imageCLASS MF741CDW
imageCLASS MF743CDW
imageCLASS MF745CDW
imageCLASS MF746CDW
imageCLASS LBP122DW
imageCLASS LBP1127C
imageCLASS LBP622CDW
imageCLASS LBP623CDW
imageCLASS LBP664CDW
imagePROGRAF TC-20
imagePROGRAF TC-20M
PIXMA G3270
PIXMA G4270
MAXIFY GX3020
MAXIFY GX4020
imageCLASS MF1127C
imageCLASS MF262DW II
imageCLASS MF264DW II
imageCLASS MF267DW II
imageCLASS MF269DW II
imageCLASS MF269DW VP II
imageCLASS MF272DW
imageCLASS MF273DW
imageCLASS MF275DW
imageCLASS MF641CW
imageCLASS MF642CDW
imageCLASS MF644CDW
imageCLASS MF741CDW
imageCLASS MF743CDW
imageCLASS MF745CDW
imageCLASS MF746CDW
imageCLASS LBP122DW
imageCLASS LBP1127C
imageCLASS LBP622CDW
imageCLASS LBP623CDW
imageCLASS LBP664CDW
imagePROGRAF TC-20
imagePROGRAF TC-20M
PIXMA G3270
PIXMA G4270
MAXIFY GX3020
MAXIFY GX4020
Software vendor:
Canon U.S.A.
Canon U.S.A.
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.