CVE-2021-20877

EPSS 0.29%
Published 08.02.2022 11:15:07
Last modified 21.11.2024 05:47:20
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Canon ≫ 2204f Version-

Canon ≫ 2204n Version-

Canon ≫ 2206if Version-

Canon ≫ Lbp113w Version-

Canon ≫ Lbp151dw Version-

Canon ≫ Lbp162 Version-

Canon ≫ Lbp162dw Version-

Canon ≫ Lbp162l Version-

Canon ≫ Mf113w Version-

Canon ≫ Mf212w Version-

Canon ≫ Mf217w Version-

Canon ≫ Mf222dw Version-

Canon ≫ Mf224dw Version-

Canon ≫ Mf227dw Version-

Canon ≫ Mf229dw Version-

Canon ≫ Mf232w Version-

Canon ≫ Mf237w Version-

Canon ≫ Mf242dw Version-

Canon ≫ Mf244dw Version-

Canon ≫ Mf245dw Version-

Canon ≫ Mf247dw Version-

Canon ≫ Mf249dw Version-

Canon ≫ Mf262dw Version-

Canon ≫ Mf264dw Version-

Canon ≫ Mf265dw Version-

Canon ≫ Mf267dw Version-

Canon ≫ Mf269dw Version-

Canon ≫ Mf269dw Vp Version-

Canon ≫ Mf4570dn Version-

Canon ≫ Mf4570dw Version-

Canon ≫ Mf4770n Version-

Canon ≫ Mf4780w Version-

Canon ≫ Mf4880dw Version-

Canon ≫ Mf4890dw Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.49

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://cweb.canon.jp/e-support/info/211221xss.html

Vendor Advisory

https://jvn.jp/en/jp/JVN64806328/index.html

Third Party Advisory

https://jvn.jp/jp/JVN64806328/index.html

Third Party Advisory

https://www.canon-europe.com/support/product-security-latest-news/

Vendor Advisory

https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/Service-Notice-Canon-Laser-Printer-and-Small-Office-Multifunctional-Printer-related-to-cross-site-scripting

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-20877

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20877

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20877

EUVD