CVE-2022-43608

HIGH

Canon imageCLASS MF644Cdw 10.03 - RCE

Title source: llm

Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16032.

References (2)

Core 2

Core References

Vendor Advisory

https://www.psirt.canon/advisory-information/cve-2022-43608_20221125

Third Party Advisory, VDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-22-1666/

Scores

CVSS v3 8.8

EPSS 0.0083

EPSS Percentile 52.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-190

Status published

Products (1)

canon/mf644cdw_firmware 10.03

Published Mar 29, 2023

Tracked Since Feb 18, 2026