Strix
26.1K

CVE-2023-6232

CRITICALCVSS 9.8/10EPSS 1.46%

Last modified

CVE-2023-6232 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. EPSS estimates a 1.46% chance of exploitation in the next 30 days.

Description

Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.46%

70.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CanonMf755cdw Firmware<= 03.07
CanonMf753cdw Firmware<= 03.07
CanonMf751cdw Firmware<= 03.07
CanonLbp674c Firmware<= 03.07
CanonLbp672c Firmware<= 03.07
CanonLbp671c Firmware<= 03.07
CanonMf1238 Ii Firmware<= 03.07
CanonMf1333c Firmware<= 03.07
CanonMf1643i Ii Firmware<= 03.07
CanonMf1643if Ii Firmware<= 03.07
CanonMf275dw Firmware<= 03.07
CanonMf273dw Firmware<= 03.07
CanonMf272dw Firmware<= 03.07
CanonMf455dw Firmware<= 03.07
CanonMf453dw Firmware<= 03.07
CanonMf452dw Firmware<= 03.07
CanonMf451dw Firmware<= 03.07
CanonLbp122dw Firmware<= 03.07
CanonLbp1238 Ii Firmware<= 03.07
CanonLbp1333c Firmware<= 03.07
CanonLbp237dw Firmware<= 03.07
CanonLbp236dw Firmware<= 03.07
CanonLbp674cdw Firmware<= 03.07
CanonI-Sensys Mf754cdw Firmware<= 03.07
CanonI-Sensys X C1333if Firmware<= 03.07
CanonI-Sensys Lbp673cdw Firmware<= 03.07
CanonI-Sensys Mf752cdw Firmware<= 03.07
CanonI-Sensys X C1333i Firmware<= 03.07
CanonI-Sensys X C1333p Firmware<= 03.07

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-6232?
Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.
How severe is CVE-2023-6232?
CVE-2023-6232 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.46% probability of exploitation in the next 30 days.
How do I fix CVE-2023-6232?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-6232?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST