CVE-2023-0853
📋 TL;DR
A buffer overflow vulnerability in the mDNS NSEC record registration process of Canon multifunction printers allows attackers on the same network segment to crash affected devices or execute arbitrary code. This affects specific Canon printer models sold in Japan, US, and Europe with firmware version 11.04 or earlier. The vulnerability has a critical CVSS score of 9.8 due to network-accessible exploitation without authentication.
💻 Affected Systems
- Canon Satera LBP660C Series
- Canon Satera LBP620C Series
- Canon Satera MF740C Series
- Canon Satera MF640C Series
- Canon Color imageCLASS LBP660C Series
- Canon Color imageCLASS LBP620C Series
- Canon Color imageCLASS X LBP1127C
- Canon Color imageCLASS MF740C Series
- Canon Color imageCLASS MF640C Series
- Canon Color imageCLASS X MF1127C
- Canon i-SENSYS LBP660C Series
- Canon i-SENSYS LBP620C Series
- Canon i-SENSYS MF740C Series
- Canon i-SENSYS MF640C Series
- Canon i-SENSYS C1127P
- Canon i-SENSYS C1127iF
- Canon i-SENSYS C1127i
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with full control of the printer, potentially enabling lateral movement to other network devices or data exfiltration.
Likely Case
Denial of service causing printer unresponsiveness, disrupting printing services and potentially requiring physical reset.
If Mitigated
Limited impact if printers are isolated on separate VLANs with strict network segmentation and access controls.
🎯 Exploit Status
Exploitation requires being on the same network segment as the printer. mDNS uses UDP port 5353 for multicast communication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware version newer than 11.04 (check specific vendor advisory for exact fixed version)
Vendor Advisory: https://psirt.canon/advisory-information/cp2023-001/
Restart Required: Yes
Instructions:
1. Identify affected printer models and current firmware version
2. Visit Canon support website for your region
3. Download latest firmware update for your specific model
4. Apply firmware update following Canon's instructions
5. Verify firmware version after update completes
6. Restart printer to ensure changes take effect
🔧 Temporary Workarounds
Disable mDNS/Bonjour services
allTurn off mDNS (Bonjour/Avahi) service on affected printers to prevent exploitation via this vector
Access printer web interface > Network settings > Disable mDNS/Bonjour service
Network segmentation
allIsolate printers on separate VLAN with strict firewall rules limiting mDNS traffic
Configure network switch to place printers on isolated VLAN
Add firewall rules to block mDNS (UDP 5353) traffic except from authorized management systems
🧯 If You Can't Patch
- Segment printers onto isolated network VLAN with strict access controls
- Implement network monitoring for mDNS exploitation attempts and anomalous printer behavior
🔍 How to Verify
Check if Vulnerable:
Check printer firmware version via web interface (Settings > Device Information > Firmware Version) and compare against affected versions (11.04 or earlier)Check Version:
Access printer web interface at http://[printer-ip]/ or check printer display panel for firmware versionVerify Fix Applied:
Confirm firmware version is newer than 11.04 and test mDNS functionality if re-enabled📡 Detection & Monitoring
Log Indicators:
- Printer crash/reboot logs
- Unusual mDNS traffic patterns
- Failed firmware update attempts
Network Indicators:
- Abnormal mDNS traffic to printer UDP port 5353
- Multiple mDNS NSEC record packets to single printer
- Printer becoming unresponsive after mDNS traffic
SIEM Query:
source_ip=* dest_ip=[printer_ip] dest_port=5353 protocol=udp | stats count by source_ip | where count > threshold🔗 References
- https://canon.jp/support/support-info/230414vulnerability-response
- https://psirt.canon/advisory-information/cp2023-001/
- https://www.canon-europe.com/support/product-security-latest-news/
- https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
- https://canon.jp/support/support-info/230414vulnerability-response
- https://psirt.canon/advisory-information/cp2023-001/
- https://www.canon-europe.com/support/product-security-latest-news/
- https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
