CVE-2023-6233
Canon imageCLASS MF753Cdw SLP service-url Stack-based Buffer Overflow Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.
Desbordamiento de búfer en el proceso de solicitud de atributos SLP de impresoras multifunción de oficina e impresoras láser (*) que puede permitir que un atacante en el segmento de red haga que el producto afectado no responda o ejecute código arbitrario.*: firmware Satera LBP670C Series/Satera MF750C Series v03 .07 y anteriores vendidos en Japón. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 y anteriores vendidos en EE. UU. Firmware i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series v03.07 y anteriores vendidos en Europa.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of the service-url parameter provided to the Service Location Protocol endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-21 CVE Reserved
- 2024-02-06 CVE Published
- 2024-05-15 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Canon Search vendor "Canon" | Mf755cdw Firmware Search vendor "Canon" for product "Mf755cdw Firmware" | <= 03.07 Search vendor "Canon" for product "Mf755cdw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf755cdw Search vendor "Canon" for product "Mf755cdw" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf753cdw Firmware Search vendor "Canon" for product "Mf753cdw Firmware" | <= 03.07 Search vendor "Canon" for product "Mf753cdw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf753cdw Search vendor "Canon" for product "Mf753cdw" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf751cdw Firmware Search vendor "Canon" for product "Mf751cdw Firmware" | <= 03.07 Search vendor "Canon" for product "Mf751cdw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf751cdw Search vendor "Canon" for product "Mf751cdw" | - | - |
Safe
|
Canon Search vendor "Canon" | Lbp674c Firmware Search vendor "Canon" for product "Lbp674c Firmware" | <= 03.07 Search vendor "Canon" for product "Lbp674c Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Lbp674c Search vendor "Canon" for product "Lbp674c" | - | - |
Safe
|
Canon Search vendor "Canon" | Lbp672c Firmware Search vendor "Canon" for product "Lbp672c Firmware" | <= 03.07 Search vendor "Canon" for product "Lbp672c Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Lbp672c Search vendor "Canon" for product "Lbp672c" | - | - |
Safe
|
Canon Search vendor "Canon" | Lbp671c Firmware Search vendor "Canon" for product "Lbp671c Firmware" | <= 03.07 Search vendor "Canon" for product "Lbp671c Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Lbp671c Search vendor "Canon" for product "Lbp671c" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf1238 Ii Firmware Search vendor "Canon" for product "Mf1238 Ii Firmware" | <= 03.07 Search vendor "Canon" for product "Mf1238 Ii Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf1238 Ii Search vendor "Canon" for product "Mf1238 Ii" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf1333c Firmware Search vendor "Canon" for product "Mf1333c Firmware" | <= 03.07 Search vendor "Canon" for product "Mf1333c Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf1333c Search vendor "Canon" for product "Mf1333c" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf1643i Ii Firmware Search vendor "Canon" for product "Mf1643i Ii Firmware" | <= 03.07 Search vendor "Canon" for product "Mf1643i Ii Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf1643i Ii Search vendor "Canon" for product "Mf1643i Ii" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf1643if Ii Firmware Search vendor "Canon" for product "Mf1643if Ii Firmware" | <= 03.07 Search vendor "Canon" for product "Mf1643if Ii Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf1643if Ii Search vendor "Canon" for product "Mf1643if Ii" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf275dw Firmware Search vendor "Canon" for product "Mf275dw Firmware" | <= 03.07 Search vendor "Canon" for product "Mf275dw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf275dw Search vendor "Canon" for product "Mf275dw" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf273dw Firmware Search vendor "Canon" for product "Mf273dw Firmware" | <= 03.07 Search vendor "Canon" for product "Mf273dw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf273dw Search vendor "Canon" for product "Mf273dw" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf272dw Firmware Search vendor "Canon" for product "Mf272dw Firmware" | <= 03.07 Search vendor "Canon" for product "Mf272dw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf272dw Search vendor "Canon" for product "Mf272dw" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf455dw Firmware Search vendor "Canon" for product "Mf455dw Firmware" | <= 03.07 Search vendor "Canon" for product "Mf455dw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf455dw Search vendor "Canon" for product "Mf455dw" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf453dw Firmware Search vendor "Canon" for product "Mf453dw Firmware" | <= 03.07 Search vendor "Canon" for product "Mf453dw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf453dw Search vendor "Canon" for product "Mf453dw" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf452dw Firmware Search vendor "Canon" for product "Mf452dw Firmware" | <= 03.07 Search vendor "Canon" for product "Mf452dw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf452dw Search vendor "Canon" for product "Mf452dw" | - | - |
Safe
|
Canon Search vendor "Canon" | Mf451dw Firmware Search vendor "Canon" for product "Mf451dw Firmware" | <= 03.07 Search vendor "Canon" for product "Mf451dw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Mf451dw Search vendor "Canon" for product "Mf451dw" | - | - |
Safe
|
Canon Search vendor "Canon" | Lbp122dw Firmware Search vendor "Canon" for product "Lbp122dw Firmware" | <= 03.07 Search vendor "Canon" for product "Lbp122dw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Lbp122dw Search vendor "Canon" for product "Lbp122dw" | - | - |
Safe
|
Canon Search vendor "Canon" | Lbp1238 Ii Firmware Search vendor "Canon" for product "Lbp1238 Ii Firmware" | <= 03.07 Search vendor "Canon" for product "Lbp1238 Ii Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Lbp1238 Ii Search vendor "Canon" for product "Lbp1238 Ii" | - | - |
Safe
|
Canon Search vendor "Canon" | Lbp1333c Firmware Search vendor "Canon" for product "Lbp1333c Firmware" | <= 03.07 Search vendor "Canon" for product "Lbp1333c Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Lbp1333c Search vendor "Canon" for product "Lbp1333c" | - | - |
Safe
|
Canon Search vendor "Canon" | Lbp237dw Firmware Search vendor "Canon" for product "Lbp237dw Firmware" | <= 03.07 Search vendor "Canon" for product "Lbp237dw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Lbp237dw Search vendor "Canon" for product "Lbp237dw" | - | - |
Safe
|
Canon Search vendor "Canon" | Lbp236dw Firmware Search vendor "Canon" for product "Lbp236dw Firmware" | <= 03.07 Search vendor "Canon" for product "Lbp236dw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Lbp236dw Search vendor "Canon" for product "Lbp236dw" | - | - |
Safe
|
Canon Search vendor "Canon" | Lbp674cdw Firmware Search vendor "Canon" for product "Lbp674cdw Firmware" | <= 03.07 Search vendor "Canon" for product "Lbp674cdw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | Lbp674cdw Search vendor "Canon" for product "Lbp674cdw" | - | - |
Safe
|
Canon Search vendor "Canon" | I-sensys Mf754cdw Firmware Search vendor "Canon" for product "I-sensys Mf754cdw Firmware" | <= 03.07 Search vendor "Canon" for product "I-sensys Mf754cdw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | I-sensys Mf754cdw Search vendor "Canon" for product "I-sensys Mf754cdw" | - | - |
Safe
|
Canon Search vendor "Canon" | I-sensys X C1333if Firmware Search vendor "Canon" for product "I-sensys X C1333if Firmware" | <= 03.07 Search vendor "Canon" for product "I-sensys X C1333if Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | I-sensys X C1333if Search vendor "Canon" for product "I-sensys X C1333if" | - | - |
Safe
|
Canon Search vendor "Canon" | I-sensys Lbp673cdw Firmware Search vendor "Canon" for product "I-sensys Lbp673cdw Firmware" | <= 03.07 Search vendor "Canon" for product "I-sensys Lbp673cdw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | I-sensys Lbp673cdw Search vendor "Canon" for product "I-sensys Lbp673cdw" | - | - |
Safe
|
Canon Search vendor "Canon" | I-sensys Mf752cdw Firmware Search vendor "Canon" for product "I-sensys Mf752cdw Firmware" | <= 03.07 Search vendor "Canon" for product "I-sensys Mf752cdw Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | I-sensys Mf752cdw Search vendor "Canon" for product "I-sensys Mf752cdw" | - | - |
Safe
|
Canon Search vendor "Canon" | I-sensys X C1333i Firmware Search vendor "Canon" for product "I-sensys X C1333i Firmware" | <= 03.07 Search vendor "Canon" for product "I-sensys X C1333i Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | I-sensys X C1333i Search vendor "Canon" for product "I-sensys X C1333i" | - | - |
Safe
|
Canon Search vendor "Canon" | I-sensys X C1333p Firmware Search vendor "Canon" for product "I-sensys X C1333p Firmware" | <= 03.07 Search vendor "Canon" for product "I-sensys X C1333p Firmware" and version " <= 03.07" | - |
Affected
| in | Canon Search vendor "Canon" | I-sensys X C1333p Search vendor "Canon" for product "I-sensys X C1333p" | - | - |
Safe
|