Canon’s small office multifunction printers and laser printers were found to have critical buffer-overflow bugs, which the company has now patched. The vulnerabilities, tracked as CVE-2023-6229 through CVE-2023-6234 (plus CVE-2024-0244), affect various processes common across Canon’s product lines. These include the username or password process involved with authenticating mobile devices and the Service Location Protocol (SLP) attribute request process, among others. The rating assigned to all these vulnerabilities by the company is “critical,” signifying the severity of the issue.
According to a security advisory, these vulnerabilities could allow unauthenticated attackers to remotely perform a denial of service (DoS) or arbitrary code execution against any affected printers connected directly to the Internet. Furthermore, they offer a way for attackers to gain access to deeper levels of the victim’s network. Despite these risks, no exploitations of these vulnerabilities have been observed in the wild yet.
The revelation of these seven vulnerabilities comes in the wake of the “Pwn2Own Toronto’s SOHO Smashup” event, where contestants were invited to breach routers and SOHO devices, leading to the inclusion of printers in the competition’s categories. While printers are often overlooked as vulnerable targets, especially in small businesses, they present a significant attack surface due to the lack of easily manageable enterprise-level features.
Dustin Childs, head of threat awareness for Trend Micro’s Zero Day Initiative (ZDI), emphasized the difficulty in managing printers from an enterprise perspective. He noted that printers lack automatic updates and features for easy management, making them a relatively easy target for attackers. Due to their connection to more sensitive devices in small or midsized business (SMB) networks, old office printers are considered to be rather trivial to crack.
In response to these vulnerabilities, Canon advised its customers to update to the latest firmware and implement measures such as setting a private IP address for the products and creating a network environment with a firewall or wired/Wi-Fi router that can restrict network access. Childs emphasized the importance of segmenting different areas of networks to prevent a printer compromise from reaching further into an enterprise’s network.
Ultimately, the best way to protect printers is to ensure that they are regularly patched and kept up to date. Childs highlighted the importance of maintaining regular updates, noting that exploited printers are often several updates behind.
The widespread impact of these critical vulnerabilities highlights the need for enhanced security measures and proactive patch management strategies to mitigate the risks associated with the increasing number of vulnerabilities affecting printing devices. Canon’s response to the discovery of these vulnerabilities underscores the urgency for businesses to prioritize printer security and adopt best practices to safeguard their network infrastructure and sensitive data from potential exploitation.