CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-6232

CVSS 9.8v3.1pub. 2024-02-06upd. 2024-11-21

Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

🤖 AI Analysis
How it works

The vulnerability (CWE-787 — out-of-bounds write) occurs during username processing in the address book during the Mobile Device feature authentication process. The attacker sends crafted network data that causes a buffer overflow in the device's memory. This can result in overwriting critical memory structures, leading to arbitrary code execution or complete loss of device responsiveness.

Impact

An attacker located in the same network segment can execute arbitrary code (RCE) on the vulnerable device or cause its permanent unavailability (DoS). Complete takeover of the device can result in breach of confidentiality, integrity, and availability.

Mitigation & patch

The device firmware must be updated to a version newer than v03.07 in accordance with the manufacturer's recommendations published in the Canon PSIRT advisory (cp2024-001). Patches and instructions are available on Canon's regional websites: Japan (canon.jp), USA (usa.canon.com), and Europe (canon-europe.com). Until updates are applied, it is recommended to isolate printing devices in a dedicated network segment (VLAN) with restricted network access to trusted hosts.

Who is affected

Devices with firmware v03.07 and earlier: Satera LBP670C Series / Satera MF750C Series (Japan); Color imageCLASS LBP674C / Color imageCLASS X LBP1333C / Color imageCLASS MF750C Series / Color imageCLASS X MF1333C Series (USA); i-SENSYS LBP673Cdw / C1333P / i-SENSYS MF750C Series / C1333i Series (Europe) — including Canon MF755Cdw, MF753Cdw, MF751Cdw

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Canon I Sensys Lbp673cdw

    HW
    Canon
    wszystkie wersje
  • Canon I Sensys Lbp673cdw Firmware

    OS
    Canon
    ≤ 03.07
  • Canon I Sensys Mf752cdw

    HW
    Canon
    wszystkie wersje
  • Canon I Sensys Mf752cdw Firmware

    OS
    Canon
    ≤ 03.07
  • Canon I Sensys Mf754cdw

    HW
    Canon
    wszystkie wersje
  • Canon I Sensys Mf754cdw Firmware

    OS
    Canon
    ≤ 03.07
  • Canon I Sensys X C1333i

    HW
    Canon
    wszystkie wersje
  • Canon I Sensys X C1333if

    HW
    Canon
    wszystkie wersje
  • Canon I Sensys X C1333if Firmware

    OS
    Canon
    ≤ 03.07
  • Canon I Sensys X C1333i Firmware

    OS
    Canon
    ≤ 03.07
  • Canon I Sensys X C1333p

    HW
    Canon
    wszystkie wersje
  • Canon I Sensys X C1333p Firmware

    OS
    Canon
    ≤ 03.07
  • Canon Lbp122dw

    HW
    Canon
    wszystkie wersje
  • Canon Lbp122dw Firmware

    OS
    Canon
    ≤ 03.07
  • Canon Lbp1238 Ii

    HW
    Canon
    wszystkie wersje
  • Canon Lbp1238 Ii Firmware

    OS
    Canon
    ≤ 03.07
  • Canon Lbp1333c

    HW
    Canon
    wszystkie wersje
  • Canon Lbp1333c Firmware

    OS
    Canon
    ≤ 03.07
  • Canon Lbp236dw

    HW
    Canon
    wszystkie wersje
  • Canon Lbp236dw Firmware

    OS
    Canon
    ≤ 03.07
  • Canon Lbp237dw

    HW
    Canon
    wszystkie wersje
  • Canon Lbp237dw Firmware

    OS
    Canon
    ≤ 03.07
  • Canon Lbp671c

    HW
    Canon
    wszystkie wersje
  • Canon Lbp671c Firmware

    OS
    Canon
    ≤ 03.07
  • Canon Lbp672c

    HW
    Canon
    wszystkie wersje
  • Canon Lbp672c Firmware

    OS
    Canon
    ≤ 03.07
  • Canon Lbp674c

    HW
    Canon
    wszystkie wersje
  • Canon Lbp674cdw

    HW
    Canon
    wszystkie wersje
  • Canon Lbp674cdw Firmware

    OS
    Canon
    ≤ 03.07
  • Canon Lbp674c Firmware

    OS
    Canon
    ≤ 03.07
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2025-14234CRITICAL9.3PL ✓ten sam produkt

Buffer overflow w drukarkach Canon — RCE przez sieć lokalną

CVE-2025-14231CRITICAL9.3PL ✓ten sam produkt

Buffer overflow w Canon — RCE przez WSD w drukarkach biurowych

CVE-2025-14232CRITICAL9.3PL ✓ten sam produkt

Buffer overflow w przetwarzaniu XML plików XPS w drukarkach Canon

CVE-2025-14233CRITICAL9.3PL ✓ten sam produkt

RCE przez invalid free w drukarkach Canon — luki w firmware v06.02

CVE-2025-14235CRITICAL9.3PL ✓ten sam produkt

Buffer overflow w przetwarzaniu czcionek XPS w drukarkach Canon — RCE