Vulnerability Details : CVE-2023-0858
Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.
Vulnerability category: BypassGain privilege
Products affected by CVE-2023-0858
- cpe:2.3:o:canon:mf1127c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf641cw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf642cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf644cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf741cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf743cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf745cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf746cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:lbp1127c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:lbp622cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:lbp623cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:lbp664cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:lbp621c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:lbp622c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:lbp661c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:lbp662c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:lbp664c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf262dw_ii_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf264dw_ii_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf267dw_ii_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf269dw_ii_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf269dw_vp_ii_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf272dw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf273dw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:mf275dw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:lbp122dw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:imageprograf_tc-20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:imageprograf_tc-20m_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:pixma_g3270_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:pixma_g4270_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:maxify_gx3020_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:maxify_gx4020_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_lbp621cw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_lbp623cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_lbp633cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_lbp664cx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_mf641cw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_mf643cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_mf645cx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_mf742cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_mf744cdw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_mf746cx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_x_c1127i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_x_c1127if_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:canon:i-sensys_x_c1127p_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0858
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0858
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.1
|
LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
1.6
|
1.4
|
MITRE | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2023-0858
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: cve@mitre.org (Secondary)
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-0858
-
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
Access DeniedVendor Advisory
-
https://psirt.canon/advisory-information/cp2023-001/
CP2023-001 Vulnerabilities Mitigation/Remediation for Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers - Canon PSIRTVendor Advisory
-
https://www.canon-europe.com/support/product-security-latest-news/
Canon Product Security - Canon EuropeVendor Advisory
-
https://canon.jp/support/support-info/230414vulnerability-response
スモールオフィス向け複合機、レーザービームプリンターおよびインクジェットプリンターに関する脆弱性対応について|サポート|キヤノンVendor Advisory
Jump to