Beware of Buffer Overflow Vulnerability in Canon Printers

CVE: CVE-2023-0856
CVSS (v3.1): 9.8
Source: CVE-2023-0856

A critical buffer overflow vulnerability has been discovered in Canon printers that could allow remote attackers to take control of affected devices.

The vulnerability exists in the way Canon printers process attribute data in IPP (Internet Printing Protocol) requests. By sending a specially crafted request, an attacker on the same network segment may be able to overflow a buffer and execute arbitrary code.
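The bug class described above comes down to trusting a length field inside the request. As an added example (not Canon's firmware code and not taken from the advisory), the following C sketch walks IPP attributes in the RFC 8010 encoding and rejects any length that exceeds either the message or the destination buffer. The buffer size, function names and sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64   /* assumed size of the fixed destination buffer */
#define IPP_TAG_END  0x03 /* end-of-attributes-tag (RFC 8010) */

/* Read a big-endian 16-bit length, failing if fewer than 2 bytes remain. */
static int rd16(const uint8_t *p, size_t len, size_t *off, uint16_t *out) {
    if (len - *off < 2) return -1;
    *out = (uint16_t)((p[*off] << 8) | p[*off + 1]);
    *off += 2;
    return 0;
}

/* Returns the attribute count (last name copied to `last`), or -1 on a bad length. */
int ipp_check_attrs(const uint8_t *msg, size_t len, char last[NAME_MAX_LEN + 1]) {
    size_t off = 8;          /* version(2) + operation-id(2) + request-id(4) */
    int count = 0;
    if (len < 9) return -1;  /* header plus at least one tag */
    while (off < len) {
        uint8_t tag = msg[off++];
        uint16_t nlen, vlen;
        if (tag == IPP_TAG_END) return count;
        if (tag <= 0x0F) continue;          /* group delimiter tag, no body */
        if (rd16(msg, len, &off, &nlen)) return -1;
        /* The check an overflow-prone parser omits: bound the copy by the
         * destination size AND by the bytes actually left in the message. */
        if (nlen > NAME_MAX_LEN || nlen > len - off) return -1;
        memcpy(last, msg + off, nlen);
        last[nlen] = '\0';
        off += nlen;
        if (rd16(msg, len, &off, &vlen) || vlen > len - off) return -1;
        off += vlen;                        /* value is skipped, not copied */
        count++;
    }
    return -1;               /* data ended before end-of-attributes-tag */
}

/* Constructed samples: one attribute, then the same bytes with name-length 0x0400. */
static const uint8_t ok_msg[] = {2,0, 0,0x0B, 0,0,0,1, 0x01,
    0x47, 0,3, 'a','b','c', 0,2, 'x','y', 0x03};
static const uint8_t bad_msg[] = {2,0, 0,0x0B, 0,0,0,1, 0x01,
    0x47, 0x04,0, 'a','b','c', 0,2, 'x','y', 0x03};

int main(void) {
    char buf[NAME_MAX_LEN + 1];
    printf("ok=%d\n", ipp_check_attrs(ok_msg, sizeof ok_msg, buf));
    printf("bad=%d\n", ipp_check_attrs(bad_msg, sizeof bad_msg, buf));
    return 0;
}
```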

This could let the attacker install malware, view and steal sensitive files, or access the printer remotely as if they were standing right next to it. Over 11 models of Canon small office and home office printers are affected.

The vulnerability has a CVSS score of 9.8 out of 10, meaning it is easy to exploit and can lead to complete system compromise.

The good news is there is an easy fix – users with affected Canon printers should update their firmware to the latest version. Regularly checking for and applying updates is also recommended to stay protected against known issues.

Staying on top of firmware updates is one of the best ways home and small business users can help prevent hackers from gaining control of printers and other devices on their network.
