CVE-2023-6234 - OpenCVE

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canon	I-sensys Lbp673cdw I-sensys Lbp673cdw Firmware I-sensys Mf752cdw I-sensys Mf752cdw Firmware I-sensys Mf754cdw I-sensys Mf754cdw Firmware I-sensys X C1333i I-sensys X C1333i Firmware I-sensys X C1333if I-sensys X C1333if Firmware I-sensys X C1333p I-sensys X C1333p Firmware Lbp122dw Lbp122dw Firmware Lbp1238 Ii Lbp1238 Ii Firmware Lbp1333c Lbp1333c Firmware Lbp236dw Lbp236dw Firmware Lbp237dw Lbp237dw Firmware Lbp671c Lbp671c Firmware Lbp672c Lbp672c Firmware Lbp674c Lbp674c Firmware Lbp674cdw Lbp674cdw Firmware Mf1238 Ii Mf1238 Ii Firmware Mf1333c Mf1333c Firmware Mf1643i Ii Mf1643i Ii Firmware Mf1643if Ii Mf1643if Ii Firmware Mf272dw Mf272dw Firmware Mf273dw Mf273dw Firmware Mf275dw Mf275dw Firmware Mf451dw Mf451dw Firmware Mf452dw Mf452dw Firmware Mf453dw Mf453dw Firmware Mf455dw Mf455dw Firmware Mf751cdw Mf751cdw Firmware Mf753cdw Mf753cdw Firmware Mf755cdw Mf755cdw Firmware

Configuration 1 [-]

AND

cpe:2.3:h:canon:mf755cdw:-:*:*:*:*:*:*:*

cpe:2.3:o:canon:mf755cdw_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:canon:mf753cdw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf753cdw:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:canon:mf751cdw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf751cdw:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:canon:lbp674c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp674c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:canon:lbp672c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp672c:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:canon:lbp671c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp671c:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:canon:mf1238_ii_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf1238_ii:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:canon:mf1333c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf1333c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:canon:mf1643i_ii_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf1643i_ii:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:canon:mf1643if_ii_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf1643if_ii:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:canon:mf275dw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf275dw:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:canon:mf273dw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf273dw:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:canon:mf272dw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf272dw:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:canon:mf455dw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf455dw:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:canon:mf453dw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf453dw:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:canon:mf452dw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf452dw:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:canon:mf451dw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf451dw:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:canon:lbp122dw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp122dw:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:canon:lbp1238_ii_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp1238_ii:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:canon:lbp1333c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp1333c:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:canon:lbp237dw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp237dw:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:canon:lbp236dw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp236dw:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:canon:lbp674cdw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp674cdw:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:canon:i-sensys_mf754cdw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:i-sensys_mf754cdw:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:canon:i-sensys_x_c1333if_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:canon:i-sensys_x_c1333if:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:h:canon:i-sensys_lbp673cdw:-:*:*:*:*:*:*:*

cpe:2.3:o:canon:i-sensys_lbp673cdw_firmware:*:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:h:canon:i-sensys_mf752cdw:-:*:*:*:*:*:*:*

cpe:2.3:o:canon:i-sensys_mf752cdw_firmware:*:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:h:canon:i-sensys_x_c1333i:-:*:*:*:*:*:*:*

cpe:2.3:o:canon:i-sensys_x_c1333i_firmware:*:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:h:canon:i-sensys_x_c1333p:-:*:*:*:*:*:*:*

cpe:2.3:o:canon:i-sensys_x_c1333p_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://canon.jp/support/support-info/240205vulnerability-response
https://psirt.canon/advisory-information/cp2024-001/
https://www.canon-europe.com/support/product-security-latest-news/
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers

History

No history.

MITRE

Status: PUBLISHED

Assigner: Canon

Published: 2024-02-06T00:23:28.727Z

Updated: 2024-08-02T08:21:17.875Z

Reserved: 2023-11-21T06:05:11.045Z

Link: CVE-2023-6234

Vulnrichment

Updated: 2024-08-02T08:21:17.875Z

NVD

Status : Analyzed

Published: 2024-02-06T01:15:09.107

Modified: 2024-02-13T19:51:46.740

Link: CVE-2023-6234

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object