Strix
26.1K

CVE-2022-24673

CRITICALCVSS 9.8/10EPSS 2.63%

Last modified

CVE-2022-24673 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. EPSS estimates a 2.63% chance of exploitation in the next 30 days.

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
2.63%

83.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CanonD1620 FirmwareAll versions
CanonD1650 FirmwareAll versions
CanonD1520 FirmwareAll versions
CanonD1550 FirmwareAll versions
CanonMf1127c FirmwareAll versions
CanonMf1238 FirmwareAll versions
CanonMf1238 Ii FirmwareAll versions
CanonMf1643i Ii FirmwareAll versions
CanonMf1643if Ii FirmwareAll versions
CanonMf414dw FirmwareAll versions
CanonMf416dw FirmwareAll versions
CanonMf419dw FirmwareAll versions
CanonMf515dw FirmwareAll versions
CanonMf424dw FirmwareAll versions
CanonMf426dw FirmwareAll versions
CanonMf429dw FirmwareAll versions
CanonMf525dw FirmwareAll versions
CanonMf445dw FirmwareAll versions
CanonMf448dw FirmwareAll versions
CanonMf449dw FirmwareAll versions
CanonMf543dw FirmwareAll versions
CanonMf451dw FirmwareAll versions
CanonMf452dw FirmwareAll versions
CanonMf453dw FirmwareAll versions
CanonMf455dw FirmwareAll versions
CanonMf6160dw FirmwareAll versions
CanonMf6180dw FirmwareAll versions
CanonMf624cdw FirmwareAll versions
CanonMf628cdw FirmwareAll versions
CanonMf632cdw FirmwareAll versions
CanonMf634cdw FirmwareAll versions
CanonMf641cw FirmwareAll versions
CanonMf642cdw FirmwareAll versions
CanonMf644cdw FirmwareAll versions
CanonMf726cdw FirmwareAll versions
CanonMf729cdw FirmwareAll versions
CanonMf731cdw FirmwareAll versions
CanonMf733cdw FirmwareAll versions
CanonMf735cdw FirmwareAll versions
CanonMf741cdw FirmwareAll versions
CanonMf743cdw FirmwareAll versions
CanonMf745cdw FirmwareAll versions
CanonMf746cdw FirmwareAll versions
CanonMf810cdn FirmwareAll versions
CanonMf820cdn FirmwareAll versions
CanonMf8280cw FirmwareAll versions
CanonMf8580cdw FirmwareAll versions
CanonLbp1127c FirmwareAll versions
CanonLbp1238 FirmwareAll versions
CanonLbp1238 Ii FirmwareAll versions

Showing 50 of 76 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-24673?
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.
How severe is CVE-2022-24673?
CVE-2022-24673 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 2.63% probability of exploitation in the next 30 days.
How do I fix CVE-2022-24673?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-24673?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST