CVE-2020-16849
high-risk
Published 2020-11-30
An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.
Do I need to act?
- EPSS score: 0.46% chance of exploitation (low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High · NETWORK / LOW complexity
Affected Products (20)
Mf237W Firmware
Mf113W Firmware
Mf212W Firmware
Mf216N Firmware
Mf217W Firmware
Mf226Dn Firmware
Mf229Dw Firmware
Mf231 Firmware
Mf232W Firmware
Mf244Dw Firmware
Mf247Dw Firmware
Mf249Dw Firmware
Mf264Dw Firmware
Mf267Dw Firmware
Mf269Dw Firmware
Mf4570Dn Firmware
Mf4580Dn Firmware
Mf4780W Firmware
Mf4870Dn Firmware
Mf4890Dw Firmware
Affected Vendors
References
Third Party Advisory: https://blog.scadafence.com/vulnerability-report-cve-2020-16849
Vendor Advisory: https://www.canon-europe.com/support/product-security/
50 / 100 · high-risk
Severity: 26/34 · High
Exploitability: 2/34 · Minimal
Exposure: 22/34 · High