CVE-2023-0851
CRITICALCanon Mf642cdw Firmware < 11.04 - Out-of-Bounds Write
Title source: ruleDescription
Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.
References (4)
Core 4
Core References
Various Sources
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
Various Sources
https://psirt.canon/advisory-information/cp2023-001/
Scores
CVSS v3
9.8
EPSS
0.0038
EPSS Percentile
59.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-122
CWE-787
Status
published
Products (45)
canon/i-sensys_lbp621cw_firmware
< 11.04
canon/i-sensys_lbp623cdw_firmware
< 11.04
canon/i-sensys_lbp633cdw_firmware
< 11.04
canon/i-sensys_lbp664cx_firmware
< 11.04
canon/i-sensys_mf641cw_firmware
< 11.04
canon/i-sensys_mf643cdw_firmware
< 11.04
canon/i-sensys_mf645cx_firmware
< 11.04
canon/i-sensys_mf742cdw_firmware
< 11.04
canon/i-sensys_mf744cdw_firmware
< 11.04
canon/i-sensys_mf746cx_firmware
< 11.04
... and 35 more
Published
May 11, 2023
Tracked Since
Feb 18, 2026