Vulnerability Details : CVE-2021-20877
Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2021-20877
- cpe:2.3:h:canon:mf237w:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf113w:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf212w:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf217w:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf229dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf232w:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf244dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf247dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf249dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf264dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf267dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf269dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf4570dn:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf4780w:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf4890dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:lbp113w:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:lbp151dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:lbp162dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:2204f:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:2204n:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:2206if:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:lbp162:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:lbp162l:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf222dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf224dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf227dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf242dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf245dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf262dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf265dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf269dw_vp:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf4570dw:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf4770n:-:*:*:*:*:*:*:*
- cpe:2.3:h:canon:mf4880dw:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20877
- 0.29%: Probability of exploitation activity in the next 30 days
- ~49%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-20877
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST | |
4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 | NIST | |
CWE ids for CVE-2021-20877
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-20877
- https://www.canon-europe.com/support/product-security-latest-news/
  Canon Product Security - Canon Europe (Vendor Advisory)
- https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/Service-Notice-Canon-Laser-Printer-and-Small-Office-Multifunctional-Printer-related-to-cross-site-scripting
  Canon U.S.A., Inc. | Product Advisory Detail Page (Vendor Advisory)
- https://cweb.canon.jp/e-support/info/211221xss.html
  Canon: Support | Response to the cross-site scripting vulnerability in laser printers and small office multifunctional printers (Vendor Advisory)
- https://jvn.jp/jp/JVN64806328/index.html
  JVN#64806328: Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (Third Party Advisory)
- https://jvn.jp/en/jp/JVN64806328/index.html
  JVN#64806328: Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting (Third Party Advisory)