VYPR
Unrated severity · NVD Advisory · Published Feb 6, 2024 · Updated Jun 17, 2025

CVE-2023-6230

Description

Buffer overflow in Canon printer address book password handling allows network attackers to cause denial of service or execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A buffer overflow vulnerability exists in the Address Book password process within the authentication of the Mobile Device Function of certain Canon Office Multifunction Printers and Laser Printers. The affected models include Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier (Japan), Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier (US), and i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier (Europe) [1]. The vulnerability is triggered when processing a specially crafted password input during the address book authentication flow.

Exploitation

An attacker on the same network segment as the affected printer can exploit this vulnerability by sending a crafted request to the device's address book password process. If the printer is directly connected to the internet without a router or firewall, the attacker can be remote and trigger the overflow without any prior authentication [1]. No user interaction is required; the attack can be automated.

Impact

Successful exploitation allows the attacker to cause the affected product to become unresponsive (denial of service) or to execute arbitrary code on the device [1]. The code executes with the privileges of the printer's firmware, potentially leading to full compromise of the device and access to any data processed or stored on it.

Mitigation

Canon has released firmware updates to address this vulnerability. Users should update their devices to the latest firmware version available from the official support site [1]. As a workaround, ensure the printer is not directly exposed to the internet; placing it behind a properly configured router or firewall reduces the attack surface. No known exploitation in the wild has been reported as of the publication date.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

13
  • Range: <= v03.07
  • Range: <= v03.07
  • Range: <= v03.07
  • Canon Inc./C1333i Series · v5
    Range: 03.07 and earlier
  • Canon Inc./C1333P · v5
    Range: 03.07 and earlier
  • Canon Inc./Color imageCLASS LBP674C · v5
    Range: 03.07 and earlier
  • Canon Inc./Color imageCLASS MF750C Series · v5
    Range: 03.07 and earlier
  • Canon Inc./Color imageCLASS X LBP1333C · v5
    Range: 03.07 and earlier
  • Canon Inc./Color imageCLASS X MF1333C Series · v5
    Range: 03.07 and earlier
  • Canon Inc./i-SENSYS LBP673Cdw · v5
    Range: 03.07 and earlier
  • Canon Inc./i-SENSYS MF750C Series · v5
    Range: 03.07 and earlier
  • Canon Inc./Satera LBP670C Series · v5
    Range: 03.07 and earlier
  • Canon Inc./Satera MF750C Series · v5
    Range: 03.07 and earlier

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

4
