CVE-2022-24674

EPSS 0.06%
Published 28.03.2023 19:15:10
Last modified 21.11.2024 06:50:50
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Canon ≫ D1620 Firmware Version-

Canon ≫ D1620 Version-

Canon ≫ D1650 Firmware Version-

Canon ≫ D1650 Version-

Canon ≫ D1520 Firmware Version-

Canon ≫ D1520 Version-

Canon ≫ D1550 Firmware Version-

Canon ≫ D1550 Version-

Canon ≫ Mf1127c Firmware Version-

Canon ≫ Mf1127c Version-

Canon ≫ Mf1238 Firmware Version-

Canon ≫ Mf1238 Version-

Canon ≫ Mf1238 Ii Firmware Version-

Canon ≫ Mf1238 Ii Version-

Canon ≫ Mf1643i Ii Firmware Version-

Canon ≫ Mf1643i Ii Version-

Canon ≫ Mf1643if Ii Firmware Version-

Canon ≫ Mf1643if Ii Version-

Canon ≫ Mf414dw Firmware Version-

Canon ≫ Mf414dw Version-

Canon ≫ Mf416dw Firmware Version-

Canon ≫ Mf416dw Version-

Canon ≫ Mf419dw Firmware Version-

Canon ≫ Mf419dw Version-

Canon ≫ Mf515dw Firmware Version-

Canon ≫ Mf515dw Version-

Canon ≫ Mf424dw Firmware Version-

Canon ≫ Mf424dw Version-

Canon ≫ Mf426dw Firmware Version-

Canon ≫ Mf426dw Version-

Canon ≫ Mf429dw Firmware Version-

Canon ≫ Mf429dw Version-

Canon ≫ Mf525dw Firmware Version-

Canon ≫ Mf525dw Version-

Canon ≫ Mf445dw Firmware Version-

Canon ≫ Mf445dw Version-

Canon ≫ Mf448dw Firmware Version-

Canon ≫ Mf448dw Version-

Canon ≫ Mf449dw Firmware Version-

Canon ≫ Mf449dw Version-

Canon ≫ Mf543dw Firmware Version-

Canon ≫ Mf543dw Version-

Canon ≫ Mf451dw Firmware Version-

Canon ≫ Mf451dw Version-

Canon ≫ Mf452dw Firmware Version-

Canon ≫ Mf452dw Version-

Canon ≫ Mf453dw Firmware Version-

Canon ≫ Mf453dw Version-

Canon ≫ Mf455dw Firmware Version-

Canon ≫ Mf455dw Version-

Canon ≫ Mf6160dw Firmware Version-

Canon ≫ Mf6160dw Version-

Canon ≫ Mf6180dw Firmware Version-

Canon ≫ Mf6180dw Version-

Canon ≫ Mf624cdw Firmware Version-

Canon ≫ Mf624cdw Version-

Canon ≫ Mf628cdw Firmware Version-

Canon ≫ Mf628cdw Version-

Canon ≫ Mf632cdw Firmware Version-

Canon ≫ Mf632cdw Version-

Canon ≫ Mf634cdw Firmware Version-

Canon ≫ Mf634cdw Version-

Canon ≫ Mf641cw Firmware Version-

Canon ≫ Mf641cw Version-

Canon ≫ Mf642cdw Firmware Version-

Canon ≫ Mf642cdw Version-

Canon ≫ Mf644cdw Firmware Version-

Canon ≫ Mf644cdw Version-

Canon ≫ Mf726cdw Firmware Version-

Canon ≫ Mf726cdw Version-

Canon ≫ Mf729cdw Firmware Version-

Canon ≫ Mf729cdw Version-

Canon ≫ Mf731cdw Firmware Version-

Canon ≫ Mf731cdw Version-

Canon ≫ Mf733cdw Firmware Version-

Canon ≫ Mf733cdw Version-

Canon ≫ Mf735cdw Firmware Version-

Canon ≫ Mf735cdw Version-

Canon ≫ Mf741cdw Firmware Version-

Canon ≫ Mf741cdw Version-

Canon ≫ Mf743cdw Firmware Version-

Canon ≫ Mf743cdw Version-

Canon ≫ Mf745cdw Firmware Version-

Canon ≫ Mf745cdw Version-

Canon ≫ Mf746cdw Firmware Version-

Canon ≫ Mf746cdw Version-

Canon ≫ Mf810cdn Firmware Version-

Canon ≫ Mf810cdn Version-

Canon ≫ Mf820cdn Firmware Version-

Canon ≫ Mf820cdn Version-

Canon ≫ Mf8280cw Firmware Version-

Canon ≫ Mf8280cw Version-

Canon ≫ Mf8580cdw Firmware Version-

Canon ≫ Mf8580cdw Version-

Canon ≫ Lbp1127c Firmware Version-

Canon ≫ Lbp1127c Version-

Canon ≫ Lbp1238 Firmware Version-

Canon ≫ Lbp1238 Version-

Canon ≫ Lbp1238 Ii Firmware Version-

Canon ≫ Lbp1238 Ii Version-

Canon ≫ Lbp214dw Firmware Version-

Canon ≫ Lbp214dw Version-

Canon ≫ Lbp215dw Firmware Version-

Canon ≫ Lbp215dw Version-

Canon ≫ Lbp226dw Firmware Version-

Canon ≫ Lbp226dw Version-

Canon ≫ Lbp227dw Firmware Version-

Canon ≫ Lbp227dw Version-

Canon ≫ Lbp228dw Firmware Version-

Canon ≫ Lbp228dw Version-

Canon ≫ Lbp236dw Firmware Version-

Canon ≫ Lbp236dw Version-

Canon ≫ Lbp237dw Firmware Version-

Canon ≫ Lbp237dw Version-

Canon ≫ Lbp251dw Firmware Version-

Canon ≫ Lbp251dw Version-

Canon ≫ Lbp253dw Firmware Version-

Canon ≫ Lbp253dw Version-

Canon ≫ Lbp612cdw Firmware Version-

Canon ≫ Lbp612cdw Version-

Canon ≫ Lbp622cdw Firmware Version-

Canon ≫ Lbp622cdw Version-

Canon ≫ Lbp623cdw Firmware Version-

Canon ≫ Lbp623cdw Version-

Canon ≫ Lbp654cdw Firmware Version-

Canon ≫ Lbp654cdw Version-

Canon ≫ Lbp664cdw Firmware Version-

Canon ≫ Lbp664cdw Version-

Canon ≫ Ir1435i Firmware Version-

Canon ≫ Ir1435i Version-

Canon ≫ 1435if Firmware Version-

Canon ≫ 1435if Version-

Canon ≫ 1435p Firmware Version-

Canon ≫ 1435p Version-

Canon ≫ 1435i+ Firmware Version-

Canon ≫ 1435i+ Version-

Canon ≫ 1435if+ Firmware Version-

Canon ≫ 1435if+ Version-

Canon ≫ 1435p+ Firmware Version-

Canon ≫ 1435p+ Version-

Canon ≫ Ir1643i Firmware Version-

Canon ≫ Ir1643i Version-

Canon ≫ Ir1643if Firmware Version-

Canon ≫ Ir1643if Version-

Canon ≫ Wg7240 Firmware Version-

Canon ≫ Wg7240 Version-

Canon ≫ Wg7250 Firmware Version-

Canon ≫ Wg7250 Version-

Canon ≫ Wg7250f Firmware Version-

Canon ≫ Wg7250f Version-

Canon ≫ Wg7250z Firmware Version-

Canon ≫ Wg7250z Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.168

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi-disclosures@trendmicro.com	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/canon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow/

Broken Link

https://www.zerodayinitiative.com/advisories/ZDI-22-516/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2022-24674

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24674

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24674

EUVD