CVE-2023-6233
📋 TL;DR
A buffer overflow vulnerability in the SLP attribute request process of Canon multifunction printers and laser printers allows attackers on the same network segment to crash the device or execute arbitrary code. Affected devices include Satera, imageCLASS, and i-SENSYS series printers with firmware v03.07 and earlier, sold in Japan, US, and Europe.
💻 Affected Systems
- Satera LBP670C Series
- Satera MF750C Series
- Color imageCLASS LBP674C
- Color imageCLASS X LBP1333C
- Color imageCLASS MF750C Series
- Color imageCLASS X MF1333C Series
- i-SENSYS LBP673Cdw
- i-SENSYS C1333P
- i-SENSYS MF750C Series
- i-SENSYS C1333i Series
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with full device compromise, allowing attackers to install persistent malware, steal print jobs, or pivot to other network systems.
Likely Case
Denial of service causing printer unresponsiveness, disrupting business operations and requiring physical reset or service.
If Mitigated
Limited impact if printers are isolated on separate VLANs with strict network segmentation and access controls.
🎯 Exploit Status
Exploitation requires network access but no authentication. SLP protocol is widely used for printer discovery, making this potentially easy to weaponize.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware v03.08 or later
Vendor Advisory: https://psirt.canon/advisory-information/cp2024-001/
Restart Required: Yes
Instructions:
1. Identify affected printer models and current firmware version
2. Download updated firmware from Canon support website for your region
3. Upload firmware via printer web interface or USB
4. Reboot printer after installation completes
🔧 Temporary Workarounds
Disable SLP Service
allTurn off the SLP (Service Location Protocol) service on affected printers to prevent exploitation.
Access printer web interface > Network Settings > Protocol Settings > Disable SLP
Network Segmentation
allIsolate printers on separate VLANs with strict firewall rules limiting SLP traffic.
🧯 If You Can't Patch
- Segment printers on isolated network VLANs with strict access controls
- Implement network monitoring for SLP protocol anomalies and buffer overflow attempts
🔍 How to Verify
Check if Vulnerable:
Check printer firmware version via web interface: Settings > Device Information > Firmware VersionCheck Version:
N/A - Use printer web interface or physical panelVerify Fix Applied:
Confirm firmware version is v03.08 or later in printer settings📡 Detection & Monitoring
Log Indicators:
- Printer crash/reboot logs
- SLP protocol errors in network device logs
Network Indicators:
- Unusual SLP traffic to printers
- Buffer overflow patterns in SLP packets
SIEM Query:
source="printer_logs" AND (event="crash" OR event="reboot") OR protocol="slp" AND payload_size>normal🔗 References
- https://canon.jp/support/support-info/240205vulnerability-response
- https://psirt.canon/advisory-information/cp2024-001/
- https://www.canon-europe.com/support/product-security-latest-news/
- https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers
- https://canon.jp/support/support-info/240205vulnerability-response
- https://psirt.canon/advisory-information/cp2024-001/
- https://www.canon-europe.com/support/product-security-latest-news/
- https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers
