CVE-2024-0244

moderate-risk
Published 2024-02-06

Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.

Do I need to act?

-
0.49% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (7)

I-Sensys Mf754Cdw Firmware
I-Sensys X C1333If Firmware
Mf755Cdw Firmware
Mf753Cdw Firmware
Mf751Cdw Firmware
Mf1333C Firmware
Lbp1333C Firmware

Affected Vendors

Canon

References (8)

Vendor Advisory https://canon.jp/support/support-info/240205vulnerability-response
Vendor Advisory https://psirt.canon/advisory-information/cp2024-001/
Vendor Advisory https://www.canon-europe.com/support/product-security-latest-news/
Vendor Advisory https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regard...
Vendor Advisory https://canon.jp/support/support-info/240205vulnerability-response
Vendor Advisory https://psirt.canon/advisory-information/cp2024-001/
Vendor Advisory https://www.canon-europe.com/support/product-security-latest-news/
Vendor Advisory https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regard...
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 14/34 · Moderate