CVE-2023-0855
📋 TL;DR
A buffer overflow vulnerability in the IPP number-up attribute processing of Canon multifunction printers allows network attackers to crash devices or execute arbitrary code. Affected devices include Satera, Color imageCLASS, and i-SENSYS series printers with firmware version 11.04 or earlier. This vulnerability affects devices sold in Japan, US, and Europe markets.
💻 Affected Systems
- Satera LBP660C Series
- Satera LBP620C Series
- Satera MF740C Series
- Satera MF640C Series
- Color imageCLASS LBP660C Series
- Color imageCLASS LBP620C Series
- Color imageCLASS X LBP1127C
- Color imageCLASS MF740C Series
- Color imageCLASS MF640C Series
- Color imageCLASS X MF1127C
- i-SENSYS LBP660C Series
- i-SENSYS LBP620C Series
- i-SENSYS MF740C Series
- i-SENSYS MF640C Series
- i-SENSYS C1127P
- i-SENSYS C1127iF
- i-SENSYS C1127i
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, lateral network movement, and persistent access to connected networks.
Likely Case
Denial of service causing printer unresponsiveness and disruption of printing services.
If Mitigated
Limited impact if printers are isolated on separate VLANs with strict network segmentation.
🎯 Exploit Status
Exploitation requires network access to the printer's IPP service (typically port 631).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware version newer than 11.04
Vendor Advisory: https://psirt.canon/advisory-information/cp2023-001/
Restart Required: Yes
Instructions:
1. Visit Canon support website for your region. 2. Download latest firmware for your specific printer model. 3. Follow manufacturer's firmware update procedure. 4. Verify firmware version after update.
🔧 Temporary Workarounds
Disable IPP service
allDisable Internet Printing Protocol service if not required for operations.
Network segmentation
allPlace printers on isolated VLAN with restricted access.
🧯 If You Can't Patch
- Implement strict network access controls to limit printer access to authorized users only.
- Monitor network traffic to printer IPP ports (typically 631) for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Check printer firmware version via web interface or control panel. Navigate to Settings > Device Information > Firmware Version.Check Version:
Check via printer web interface or use SNMP query: snmpget -v2c -c community_string printer_ip .1.3.6.1.2.1.25.6.3.1.2Verify Fix Applied:
Verify firmware version is newer than 11.04 after update.📡 Detection & Monitoring
Log Indicators:
- Printer crash/reboot logs
- IPP service error messages
- Unusual print job submissions
Network Indicators:
- Unusual traffic to printer port 631
- Large IPP packets
- Multiple failed IPP connections
SIEM Query:
source="printer_logs" AND ("crash" OR "reboot" OR "IPP error") OR dest_port=631 AND (packet_size>threshold OR rate>threshold)🔗 References
- https://canon.jp/support/support-info/230414vulnerability-response
- https://psirt.canon/advisory-information/cp2023-001/
- https://www.canon-europe.com/support/product-security-latest-news/
- https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
- https://canon.jp/support/support-info/230414vulnerability-response
- https://psirt.canon/advisory-information/cp2023-001/
- https://www.canon-europe.com/support/product-security-latest-news/
- https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow
