Canon Warns of Critical Vulnerabilities in Printers: RCE & DoS Attacks

In a significant move to fortify its line of Office/Small Office Multifunction Printers and Laser Printers, Canon, the Japanese imaging and optical product heavyweight, has disclosed the discovery of seven critical security vulnerabilities. These flaws hold the potential to disrupt businesses and compromise sensitive information.

The vulnerabilities, encompassing a range of out-of-bounds write issues (CVE-2023-6229 through CVE-2023-6234 and CVE-2024-0244), have been assigned a high-risk CVSS score of 9.8, underscoring the severity of the threat they pose. These security gaps can allow unauthenticated attackers to execute arbitrary code or launch Denial-of-Service (DoS) attacks on devices directly connected to the Internet, bypassing traditional security measures.

“These vulnerabilities indicate the possibility that, if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker may be able to execute arbitrary code and/or may be able to target the product in a Denial-of-Service (DoS) attack via the Internet,” the company wrote.

The affected devices include the Satera LBP670C Series, Satera MF750C Series (firmware v03.07 and earlier, sold in Japan), Color imageCLASS LBP674C, Color imageCLASS X LBP1333C, Color imageCLASS MF750C Series, Color imageCLASS X MF1333C Series (firmware v03.07 and earlier, sold in the US), and i-SENSYS LBP673Cdw, C1333P, i-SENSYS MF750C Series, C1333i Series (firmware v03.07 and earlier, sold in Europe).

Canon has been credited the following researchers for identifying these vulnerabilities:

• CVE-2023-6229: Nguyen Quoc (Viet) working with Trend Micro’s Zero Day Initiative
• CVE-2023-6230: Anonymous working with Trend Micro’s Zero Day Initiative
• CVE-2023-6231: Team Viettel working with Trend Micro’s Zero Day Initiative
• CVE-2023-6232: ANHTUD working with Trend Micro’s Zero Day Initiative
• CVE-2023-6233: ANHTUD working with Trend Micro’s Zero Day Initiative
• CVE-2023-6234: Team Viettel working with Trend Micro’s Zero Day Initiative
• CVE-2024-0244: Connor Ford (@ByteInsight) of Nettitude working with Trend Micro’s Zero Day Initiative

Canon takes these vulnerabilities seriously and offers valuable guidance to protect your office assets. First and foremost, they recommend configuring a private IP address for your Canon printer products. This step adds a layer of security, making it more challenging for attackers to reach your devices directly.

Furthermore, Canon advises creating a network environment fortified with a firewall or a wired/Wi-Fi router that can effectively restrict network access. This protective measure acts as a guardian, safeguarding your printers from unauthorized external access.

For users of the impacted printers, Canon’s advisory serves as a crucial call to action. The company has announced plans to release firmware updates designed to address these vulnerabilities, which will be made available through the websites of local Canon sales representatives. Users are urged to install these updates at the earliest opportunity to safeguard their devices against potential exploits.

As printers and other office equipment become increasingly integrated into corporate networks, the importance of maintaining robust security measures cannot be overstated.