CVE-2023-0855

high-risk
Published 2023-05-11

Buffer overflow in the IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers (*), which may allow an attacker on the network segment to cause the affected product to become unresponsive or to execute arbitrary code.

*: Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan.
Color imageCLASS LBP660C Series/LBP620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in the US.
i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Do I need to act?

0.35% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Mf642Cdw Firmware
Mf644Cdw Firmware
Mf741Cdw Firmware
Mf743Cdw Firmware
Mf745Cdw Firmware
Lbp621C Firmware
Lbp622C Firmware
Lbp661C Firmware
Lbp662C Firmware
Lbp664C Firmware
Mf1127C Firmware
Mf262Dw Ii Firmware
Mf264Dw Ii Firmware
Mf267Dw Ii Firmware
Mf269Dw Ii Firmware
Mf269Dw Vp Ii Firmware
Mf272Dw Firmware
Mf273Dw Firmware
Mf275Dw Firmware
Mf641Cw Firmware

Affected Vendors

58 / 100
high-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 25/34 · High