Canon Printer Vulnerabilities Let Attackers Execute Arbitrary Code Remotely

Multiple critical security vulnerabilities affecting Canon Laser Printers and Small Office Multifunctional Printers. 

These vulnerabilities, identified as buffer overflow flaws, could allow attackers to execute arbitrary code remotely or render the devices inoperative through Denial-of-Service (DoS) attacks. 

The affected models include the imageCLASS MF Series (MF656CDW, MF654CDW, MF653CDW, MF652CW) and imageCLASS LBP Series (LBP632CDW, LBP633CDW).

Details of the Vulnerabilities

The vulnerabilities are tracked under the following Common Vulnerabilities and Exposures (CVE) identifiers:

• CVE-2024-12647: Exploits a buffer overflow in CPCA font download processing.
• CVE-2024-12648: Targets TIFF data EXIF tag processing.
• CVE-2024-12649: Exploits XPS data font processing.

These flaws have been assigned a critical CVSS v3.1 base score of 9.8, indicating severe potential consequences.

Collect Threat Intelligence with TI Lookup to Improve Your Company’s Security - Get 50 Free Request

Exploitation could allow attackers on the same network segment to execute arbitrary code or cause the printer to become unresponsive. 

While no public proof-of-concept exploits have been reported yet, the vulnerabilities pose significant risks to organizations using these devices.

Buffer overflow vulnerabilities occur when more data is written to a buffer than it can accommodate, leading to memory corruption. 

In Canon’s case, these flaws can be exploited via specially crafted network packets or print jobs. Successful exploitation could result in:

• Unauthorized remote access to the printer.
• Execution of malicious code.
• Potential compromise of connected networks.
• Denial-of-Service attacks rendering devices unusable.

The vulnerabilities impact multiple product lines across regions, including:

• Japan: Satera MF656Cdw, MF654Cdw (firmware ≤v05.04).
• U.S.: Color imageCLASS MF656Cdw, LBP633Cdw, MF652Cdw (firmware ≤v05.04).
• Europe: i-SENSYS MF657Cdw, LBP631Cdw (firmware ≤v05.04)

“We recommend that our customers set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access”, the company said.

Mitigation and Recommendations

Canon strongly advises users to take immediate action to secure their devices by implementing the following measures:

• Configure printers with private IP addresses.
• Use firewalls or wired/Wi-Fi routers to restrict network access.

Install the latest firmware available for affected models by following these steps:

• Turn off unnecessary protocols such as Telnet, FTP, and SNMP to reduce attack surfaces.
• Regularly inspect printer logs for unusual behavior or unauthorized access attempts.
• Place printers on a separate network segment isolated from critical systems.

By addressing these vulnerabilities promptly and adopting best practices for device security, organizations can minimize risks and ensure operational continuity in their printing environments.

For Daily Security Updates! Follow us on Google News, LinkedIn, and X