First published: Wed Mar 29 2023(Updated: )
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16032.
Credit: zdi-disclosures@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canon imageCLASS MF644Cdw | ||
Canon Mf644cdw Firmware | =10.03 | |
Canon Mf644cdw |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-43608.
The title of this vulnerability is 'Canon imageCLASS MF644Cdw BJNP Integer Overflow Remote Code Execution Vulnerability'.
The severity of the CVE-2022-43608 vulnerability is high with a severity value of 8.8.
The affected software is Canon imageCLASS MF644Cdw firmware version 10.03.
No, authentication is not required to exploit the CVE-2022-43608 vulnerability.