CVE-2024-0244
📋 TL;DR
A buffer overflow vulnerability in the CPCA PCFAX number process of Canon multifunction printers allows network attackers to crash devices or execute arbitrary code. Affected devices include Satera MF750C, Color imageCLASS MF750C/X MF1333C, and i-SENSYS MF754Cdw/C1333iF models with firmware v03.07 or earlier.
💻 Affected Systems
- Satera MF750C Series
- Color imageCLASS MF750C Series
- Color imageCLASS X MF1333C
- i-SENSYS MF754Cdw
- i-SENSYS C1333iF
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with SYSTEM/root privileges leading to complete device compromise, lateral movement, and data exfiltration.
Likely Case
Denial of service causing printer unresponsiveness and disruption of printing services.
If Mitigated
Limited impact if devices are isolated on separate VLANs with strict network segmentation.
🎯 Exploit Status
Network-accessible without authentication. Buffer overflow in fax number processing suggests simple network packet crafting could trigger exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware newer than v03.07
Vendor Advisory: https://psirt.canon/advisory-information/cp2024-001/
Restart Required: Yes
Instructions:
1. Download the latest firmware from the Canon support portal.
2. Upload the firmware via the printer web interface.
3. Apply the update.
4. Reboot the printer.
5. Verify the firmware version.
🔧 Temporary Workarounds
Network segmentation
Isolate printers on a separate VLAN with strict firewall rules limiting access to necessary ports only.
Disable fax functionality
Turn off fax features if not required to remove the vulnerable attack surface.
🧯 If You Can't Patch
- Segment printers on an isolated network with strict access controls
- Implement network monitoring for anomalous traffic to printer IPs on port 9100/tcp and other printing ports
🔍 How to Verify
Check if Vulnerable:
Check firmware version via printer web interface: Settings > Device Information > Firmware Version
Check Version:
N/A - Use printer web interface or physical display panel
Verify Fix Applied:
Confirm firmware version is newer than v03.07 in printer web interface
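For a fleet, the same check can be run over an asset inventory export. The script below is an added example, not Canon's or this page's tooling; the CSV columns (host, model, firmware), the sample rows and the version string format are assumptions, and models are matched on the names listed under Affected Systems.

```python
import csv
import io
import re

# Model identifiers taken from this page's Affected Systems list.
# Assumption: the inventory's model column contains one of these strings;
# add individual series member names from the vendor advisory as needed.
AFFECTED_MODELS = ("MF750C", "MF1333C", "MF754Cdw", "C1333iF")
LAST_VULNERABLE = (3, 7)  # firmware v03.07 or earlier is affected


def parse_version(text):
    """Return (major, minor) from strings like 'v03.07', or None if unparseable."""
    m = re.search(r"(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_affected_model(model):
    name = (model or "").lower()
    return any(tag.lower() in name for tag in AFFECTED_MODELS)


def triage(inventory_csv):
    """Map each host to VULNERABLE, PATCHED, UNKNOWN or NOT_LISTED."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not is_affected_model(row["model"]):
            status = "NOT_LISTED"  # model is not named on this page
        else:
            version = parse_version(row["firmware"])
            if version is None:
                status = "UNKNOWN"  # missing version: check the device by hand
            elif version <= LAST_VULNERABLE:
                status = "VULNERABLE"
            else:
                status = "PATCHED"
        results[row["host"]] = status
    return results


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = """host,model,firmware
prn-01,Canon i-SENSYS MF754Cdw,v03.07
prn-02,Canon Color imageCLASS X MF1333C,03.08
prn-03,Canon i-SENSYS C1333iF,
prn-04,Canon Satera MF750C Series,V02.11
prn-05,Other Vendor Laser 100,v01.00
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as UNKNOWN have no readable firmware version in the export and should be checked on the web interface or display panel as described above.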
📡 Detection & Monitoring
Log Indicators:
- Printer crash/reboot logs
- Unusual fax processing errors
- Memory corruption warnings in device logs
Network Indicators:
- Unusual traffic to printer port 9100/tcp
- Malformed fax protocol packets
- Multiple connection attempts to printer services
SIEM Query:
destination_ip IN [printer_ips] AND (port=9100 OR protocol="LPD" OR protocol="IPP") AND (payload_size > threshold OR pattern_match("buffer_overflow_patterns"))
🔗 References
- https://canon.jp/support/support-info/240205vulnerability-response
- https://psirt.canon/advisory-information/cp2024-001/
- https://www.canon-europe.com/support/product-security-latest-news/
- https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers