// For flags

CVE-2023-0854

Canon imageCLASS MF743Cdw cmNetBiosParseName Heap-based Buffer Overflow Remote Code Execution Vulnerability

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of NetBIOS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the NetBIOS-NS service.

*Credits: Angelboy (@scwuaptx) from DEVCORE Research Team
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-02-16 CVE Reserved
  • 2023-05-04 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-10-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Canon
Search vendor "Canon"
Mf642cdw Firmware
Search vendor "Canon" for product "Mf642cdw Firmware"
<= 11.04
Search vendor "Canon" for product "Mf642cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf642cdw
Search vendor "Canon" for product "Mf642cdw"
--
Safe
Canon
Search vendor "Canon"
Mf644cdw Firmware
Search vendor "Canon" for product "Mf644cdw Firmware"
<= 11.04
Search vendor "Canon" for product "Mf644cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf644cdw
Search vendor "Canon" for product "Mf644cdw"
--
Safe
Canon
Search vendor "Canon"
Mf741cdw Firmware
Search vendor "Canon" for product "Mf741cdw Firmware"
<= 11.04
Search vendor "Canon" for product "Mf741cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf741cdw
Search vendor "Canon" for product "Mf741cdw"
--
Safe
Canon
Search vendor "Canon"
Mf743cdw Firmware
Search vendor "Canon" for product "Mf743cdw Firmware"
<= 11.04
Search vendor "Canon" for product "Mf743cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf743cdw
Search vendor "Canon" for product "Mf743cdw"
--
Safe
Canon
Search vendor "Canon"
Mf745cdw Firmware
Search vendor "Canon" for product "Mf745cdw Firmware"
<= 11.04
Search vendor "Canon" for product "Mf745cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf745cdw
Search vendor "Canon" for product "Mf745cdw"
--
Safe
Canon
Search vendor "Canon"
Lbp621c Firmware
Search vendor "Canon" for product "Lbp621c Firmware"
<= 11.04
Search vendor "Canon" for product "Lbp621c Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Lbp621c
Search vendor "Canon" for product "Lbp621c"
--
Safe
Canon
Search vendor "Canon"
Lbp622c Firmware
Search vendor "Canon" for product "Lbp622c Firmware"
<= 11.04
Search vendor "Canon" for product "Lbp622c Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Lbp622c
Search vendor "Canon" for product "Lbp622c"
--
Safe
Canon
Search vendor "Canon"
Lbp661c Firmware
Search vendor "Canon" for product "Lbp661c Firmware"
<= 11.04
Search vendor "Canon" for product "Lbp661c Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Lbp661c
Search vendor "Canon" for product "Lbp661c"
--
Safe
Canon
Search vendor "Canon"
Lbp662c Firmware
Search vendor "Canon" for product "Lbp662c Firmware"
<= 11.04
Search vendor "Canon" for product "Lbp662c Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Lbp662c
Search vendor "Canon" for product "Lbp662c"
--
Safe
Canon
Search vendor "Canon"
Lbp664c Firmware
Search vendor "Canon" for product "Lbp664c Firmware"
<= 11.04
Search vendor "Canon" for product "Lbp664c Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Lbp664c
Search vendor "Canon" for product "Lbp664c"
--
Safe
Canon
Search vendor "Canon"
Mf1127c Firmware
Search vendor "Canon" for product "Mf1127c Firmware"
<= 11.04
Search vendor "Canon" for product "Mf1127c Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf1127c
Search vendor "Canon" for product "Mf1127c"
--
Safe
Canon
Search vendor "Canon"
Mf262dw Ii Firmware
Search vendor "Canon" for product "Mf262dw Ii Firmware"
<= 11.04
Search vendor "Canon" for product "Mf262dw Ii Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf262dw Ii
Search vendor "Canon" for product "Mf262dw Ii"
--
Safe
Canon
Search vendor "Canon"
Mf264dw Ii Firmware
Search vendor "Canon" for product "Mf264dw Ii Firmware"
<= 11.04
Search vendor "Canon" for product "Mf264dw Ii Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf264dw Ii
Search vendor "Canon" for product "Mf264dw Ii"
--
Safe
Canon
Search vendor "Canon"
Mf267dw Ii Firmware
Search vendor "Canon" for product "Mf267dw Ii Firmware"
<= 11.04
Search vendor "Canon" for product "Mf267dw Ii Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf267dw Ii
Search vendor "Canon" for product "Mf267dw Ii"
--
Safe
Canon
Search vendor "Canon"
Mf269dw Ii Firmware
Search vendor "Canon" for product "Mf269dw Ii Firmware"
<= 11.04
Search vendor "Canon" for product "Mf269dw Ii Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf269dw Ii
Search vendor "Canon" for product "Mf269dw Ii"
--
Safe
Canon
Search vendor "Canon"
Mf269dw Vp Ii Firmware
Search vendor "Canon" for product "Mf269dw Vp Ii Firmware"
<= 11.04
Search vendor "Canon" for product "Mf269dw Vp Ii Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf269dw Vp Ii
Search vendor "Canon" for product "Mf269dw Vp Ii"
--
Safe
Canon
Search vendor "Canon"
Mf272dw Firmware
Search vendor "Canon" for product "Mf272dw Firmware"
<= 11.04
Search vendor "Canon" for product "Mf272dw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf272dw
Search vendor "Canon" for product "Mf272dw"
--
Safe
Canon
Search vendor "Canon"
Mf273dw Firmware
Search vendor "Canon" for product "Mf273dw Firmware"
<= 11.04
Search vendor "Canon" for product "Mf273dw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf273dw
Search vendor "Canon" for product "Mf273dw"
--
Safe
Canon
Search vendor "Canon"
Mf275dw Firmware
Search vendor "Canon" for product "Mf275dw Firmware"
<= 11.04
Search vendor "Canon" for product "Mf275dw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf275dw
Search vendor "Canon" for product "Mf275dw"
--
Safe
Canon
Search vendor "Canon"
Mf641cw Firmware
Search vendor "Canon" for product "Mf641cw Firmware"
<= 11.04
Search vendor "Canon" for product "Mf641cw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf641cw
Search vendor "Canon" for product "Mf641cw"
--
Safe
Canon
Search vendor "Canon"
Mf746cdw Firmware
Search vendor "Canon" for product "Mf746cdw Firmware"
<= 11.04
Search vendor "Canon" for product "Mf746cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Mf746cdw
Search vendor "Canon" for product "Mf746cdw"
--
Safe
Canon
Search vendor "Canon"
Lbp122dw Firmware
Search vendor "Canon" for product "Lbp122dw Firmware"
<= 11.04
Search vendor "Canon" for product "Lbp122dw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Lbp122dw
Search vendor "Canon" for product "Lbp122dw"
--
Safe
Canon
Search vendor "Canon"
Lbp1127c Firmware
Search vendor "Canon" for product "Lbp1127c Firmware"
<= 11.04
Search vendor "Canon" for product "Lbp1127c Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Lbp1127c
Search vendor "Canon" for product "Lbp1127c"
--
Safe
Canon
Search vendor "Canon"
Lbp622cdw Firmware
Search vendor "Canon" for product "Lbp622cdw Firmware"
<= 11.04
Search vendor "Canon" for product "Lbp622cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Lbp622cdw
Search vendor "Canon" for product "Lbp622cdw"
--
Safe
Canon
Search vendor "Canon"
Lbp623cdw Firmware
Search vendor "Canon" for product "Lbp623cdw Firmware"
<= 11.04
Search vendor "Canon" for product "Lbp623cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Lbp623cdw
Search vendor "Canon" for product "Lbp623cdw"
--
Safe
Canon
Search vendor "Canon"
Lbp664cdw Firmware
Search vendor "Canon" for product "Lbp664cdw Firmware"
<= 11.04
Search vendor "Canon" for product "Lbp664cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Lbp664cdw
Search vendor "Canon" for product "Lbp664cdw"
--
Safe
Canon
Search vendor "Canon"
Imageprograf Tc-20 Firmware
Search vendor "Canon" for product "Imageprograf Tc-20 Firmware"
<= 11.04
Search vendor "Canon" for product "Imageprograf Tc-20 Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Imageprograf Tc-20
Search vendor "Canon" for product "Imageprograf Tc-20"
--
Safe
Canon
Search vendor "Canon"
Imageprograf Tc-20m Firmware
Search vendor "Canon" for product "Imageprograf Tc-20m Firmware"
<= 11.04
Search vendor "Canon" for product "Imageprograf Tc-20m Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Imageprograf Tc-20m
Search vendor "Canon" for product "Imageprograf Tc-20m"
--
Safe
Canon
Search vendor "Canon"
Pixma G3270 Firmware
Search vendor "Canon" for product "Pixma G3270 Firmware"
<= 11.04
Search vendor "Canon" for product "Pixma G3270 Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Pixma G3270
Search vendor "Canon" for product "Pixma G3270"
--
Safe
Canon
Search vendor "Canon"
Pixma G4270 Firmware
Search vendor "Canon" for product "Pixma G4270 Firmware"
<= 11.04
Search vendor "Canon" for product "Pixma G4270 Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Pixma G4270
Search vendor "Canon" for product "Pixma G4270"
--
Safe
Canon
Search vendor "Canon"
Maxify Gx3020 Firmware
Search vendor "Canon" for product "Maxify Gx3020 Firmware"
<= 11.04
Search vendor "Canon" for product "Maxify Gx3020 Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Maxify Gx3020
Search vendor "Canon" for product "Maxify Gx3020"
--
Safe
Canon
Search vendor "Canon"
Maxify Gx4020 Firmware
Search vendor "Canon" for product "Maxify Gx4020 Firmware"
<= 11.04
Search vendor "Canon" for product "Maxify Gx4020 Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
Maxify Gx4020
Search vendor "Canon" for product "Maxify Gx4020"
--
Safe
Canon
Search vendor "Canon"
I-sensys Lbp621cw Firmware
Search vendor "Canon" for product "I-sensys Lbp621cw Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys Lbp621cw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys Lbp621cw
Search vendor "Canon" for product "I-sensys Lbp621cw"
--
Safe
Canon
Search vendor "Canon"
I-sensys Lbp623cdw Firmware
Search vendor "Canon" for product "I-sensys Lbp623cdw Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys Lbp623cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys Lbp623cdw
Search vendor "Canon" for product "I-sensys Lbp623cdw"
--
Safe
Canon
Search vendor "Canon"
I-sensys Lbp633cdw Firmware
Search vendor "Canon" for product "I-sensys Lbp633cdw Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys Lbp633cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys Lbp633cdw
Search vendor "Canon" for product "I-sensys Lbp633cdw"
--
Safe
Canon
Search vendor "Canon"
I-sensys Lbp664cx Firmware
Search vendor "Canon" for product "I-sensys Lbp664cx Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys Lbp664cx Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys Lbp664cx
Search vendor "Canon" for product "I-sensys Lbp664cx"
--
Safe
Canon
Search vendor "Canon"
I-sensys Mf641cw Firmware
Search vendor "Canon" for product "I-sensys Mf641cw Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys Mf641cw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys Mf641cw
Search vendor "Canon" for product "I-sensys Mf641cw"
--
Safe
Canon
Search vendor "Canon"
I-sensys Mf643cdw Firmware
Search vendor "Canon" for product "I-sensys Mf643cdw Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys Mf643cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys Mf643cdw
Search vendor "Canon" for product "I-sensys Mf643cdw"
--
Safe
Canon
Search vendor "Canon"
I-sensys Mf645cx Firmware
Search vendor "Canon" for product "I-sensys Mf645cx Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys Mf645cx Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys Mf645cx
Search vendor "Canon" for product "I-sensys Mf645cx"
--
Safe
Canon
Search vendor "Canon"
I-sensys Mf742cdw Firmware
Search vendor "Canon" for product "I-sensys Mf742cdw Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys Mf742cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys Mf742cdw
Search vendor "Canon" for product "I-sensys Mf742cdw"
--
Safe
Canon
Search vendor "Canon"
I-sensys Mf744cdw Firmware
Search vendor "Canon" for product "I-sensys Mf744cdw Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys Mf744cdw Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys Mf744cdw
Search vendor "Canon" for product "I-sensys Mf744cdw"
--
Safe
Canon
Search vendor "Canon"
I-sensys Mf746cx Firmware
Search vendor "Canon" for product "I-sensys Mf746cx Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys Mf746cx Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys Mf746cx
Search vendor "Canon" for product "I-sensys Mf746cx"
--
Safe
Canon
Search vendor "Canon"
I-sensys X C1127i Firmware
Search vendor "Canon" for product "I-sensys X C1127i Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys X C1127i Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys X C1127i
Search vendor "Canon" for product "I-sensys X C1127i"
--
Safe
Canon
Search vendor "Canon"
I-sensys X C1127if Firmware
Search vendor "Canon" for product "I-sensys X C1127if Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys X C1127if Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys X C1127if
Search vendor "Canon" for product "I-sensys X C1127if"
--
Safe
Canon
Search vendor "Canon"
I-sensys X C1127p Firmware
Search vendor "Canon" for product "I-sensys X C1127p Firmware"
<= 11.04
Search vendor "Canon" for product "I-sensys X C1127p Firmware" and version " <= 11.04"
-
Affected
in Canon
Search vendor "Canon"
I-sensys X C1127p
Search vendor "Canon" for product "I-sensys X C1127p"
--
Safe