Unrated severity · NVD Advisory · Published May 11, 2023 · Updated Jan 24, 2025

CVE-2023-0858

Description

Improper authentication of RemoteUI in Canon printers allows network attackers unauthorized access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An improper authentication vulnerability exists in the RemoteUI of certain Canon Office/Small Office Multifunction Printers and Laser Printers. The affected firmware versions include Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier (Japan); Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier (US); and i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier (Europe) [1]. The vulnerability allows an attacker on the same network segment to trigger unauthorized access to the product's RemoteUI.

Exploitation

An attacker on the same network segment (i.e., within the broadcast domain) can exploit this flaw without requiring any prior authentication. The attacker can send crafted network requests to the printer's RemoteUI interface, bypassing authentication checks. According to the vendor advisory, this can lead to unauthorized functions being executed [1].

Impact

Successful exploitation could allow an attacker to install arbitrary files on the device [1]. This could lead to further compromise of the printer's functionality, potentially enabling remote code execution or denial of service (DoS) attacks if the device is directly connected to the internet without a router [1].

Mitigation

Canon has released firmware updates to address this vulnerability. Users should apply the latest firmware provided by Canon for their specific product series and region [1]. For the Japanese market, firmware updates are available from the Canon Japan support site; for US and European markets, updates are available from respective regional support pages. There is no indication that this CVE is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Range: <=11.04
  • Canon Inc. / Canon Office/Small Office Multifunction Printers and Laser Printers v5
    Range: Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

4
