#VU76476 Incorrect User Management in Canon U.S.A. products - CVE-2023-0857
Published: May 24, 2023
Vulnerability identifier: #VU76476
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-0857
CWE-ID: CWE-286
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
imageCLASS MF1127C
imageCLASS MF262DW II
imageCLASS MF264DW II
imageCLASS MF267DW II
imageCLASS MF269DW II
imageCLASS MF269DW VP II
imageCLASS MF272DW
imageCLASS MF273DW
imageCLASS MF275DW
imageCLASS MF641CW
imageCLASS MF642CDW
imageCLASS MF644CDW
imageCLASS MF741CDW
imageCLASS MF743CDW
imageCLASS MF745CDW
imageCLASS MF746CDW
imageCLASS LBP122DW
imageCLASS LBP1127C
imageCLASS LBP622CDW
imageCLASS LBP623CDW
imageCLASS LBP664CDW
imagePROGRAF TC-20
imagePROGRAF TC-20M
PIXMA G3270
PIXMA G4270
MAXIFY GX3020
MAXIFY GX4020
imageCLASS MF1127C
imageCLASS MF262DW II
imageCLASS MF264DW II
imageCLASS MF267DW II
imageCLASS MF269DW II
imageCLASS MF269DW VP II
imageCLASS MF272DW
imageCLASS MF273DW
imageCLASS MF275DW
imageCLASS MF641CW
imageCLASS MF642CDW
imageCLASS MF644CDW
imageCLASS MF741CDW
imageCLASS MF743CDW
imageCLASS MF745CDW
imageCLASS MF746CDW
imageCLASS LBP122DW
imageCLASS LBP1127C
imageCLASS LBP622CDW
imageCLASS LBP623CDW
imageCLASS LBP664CDW
imagePROGRAF TC-20
imagePROGRAF TC-20M
PIXMA G3270
PIXMA G4270
MAXIFY GX3020
MAXIFY GX4020
Software vendor:
Canon U.S.A.
Canon U.S.A.
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to incorrect user management. A remote attacker can change the product's settings or gain unauthorized access to the product.
Remediation
Install updates from vendor's website.