Impact
The Canon EOS Network Setting Tool includes support for weak SSH cryptographic algorithms in versions 1.5.0 or earlier. Weak algorithms can be forced during an SSH handshake, potentially allowing an attacker to downgrade the session to use legacy ciphers such as 3DES or Blowfish. Based on the description, this could enable an attacker to intercept or tamper with traffic, leading to unauthorized configuration changes or data disclosure. The weakness is categorized as CWE‑327, which describes the use of weak cryptographic protocols. The primary consequence is that confidentiality and integrity of SSH sessions between the tool and network devices may be compromised, which could in turn allow further exploitation of connected systems.
Affected Systems
Canon Inc. provides the EOS Network Setting Tool for Windows and macOS. Versions 1.5.0 or earlier are vulnerable. These tools are typically used to configure network settings on Canon cameras and other devices, and the vulnerability applies to any installation that has not been updated beyond the specified version.
Risk and Exploitability
The CVSS score of 7.6 places the vulnerability in the high severity range. EPSS indicates a very low exploitation probability (<1%) and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, as the weakness is in the SSH protocol used by the tool. An attacker would need to establish an SSH session to the tool and then force the negotiation of the weak algorithm, which may require some information about the tool’s supported ciphers. The risk assessment therefore reflects a high impact but low probability scenario, making it a priority to mitigate through patching.
OpenCVE Enrichment