CVE-2023-6234
high-risk
Published 2024-02-06
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers (*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.
(*): Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.
Do I need to act?
- 0.49% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 · Critical
NETWORK / LOW complexity
Affected Products (20)
MF755Cdw Firmware
MF753Cdw Firmware
MF751Cdw Firmware
LBP674C Firmware
LBP672C Firmware
LBP671C Firmware
MF1238 II Firmware
MF1333C Firmware
MF1643i II Firmware
MF1643iF II Firmware
MF275dw Firmware
MF273dw Firmware
MF272dw Firmware
MF455dw Firmware
MF453dw Firmware
MF452dw Firmware
MF451dw Firmware
LBP122dw Firmware
LBP1238 II Firmware
LBP1333C Firmware
Affected Vendors
References (8)
Vendor Advisory
https://psirt.canon/advisory-information/cp2024-001/
56 / 100 · high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
22/34 · High