CVE-2024-12647
📋 TL;DR
A buffer overflow vulnerability in CPCA font download processing for Canon multifunction printers allows network attackers to crash devices or execute arbitrary code. Affected devices include Satera, imageCLASS, and i-SENSYS models sold in Japan, US, and Europe with firmware v05.04 and earlier.
💻 Affected Systems
- Satera MF656Cdw
- Satera MF654Cdw
- Color imageCLASS MF656Cdw
- Color imageCLASS MF654Cdw
- Color imageCLASS MF653Cdw
- Color imageCLASS MF652Cdw
- Color imageCLASS LBP633Cdw
- Color imageCLASS LBP632Cdw
- i-SENSYS MF657Cdw
- i-SENSYS MF655Cdw
- i-SENSYS MF651Cdw
- i-SENSYS LBP633Cdw
- i-SENSYS LBP631Cdw
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with SYSTEM/root privileges leading to complete device compromise, lateral movement, and persistent backdoor installation.
Likely Case
Denial of service causing printer unresponsiveness and disruption of printing services.
If Mitigated
Limited to denial of service if network segmentation prevents attacker access.
🎯 Exploit Status
Network-based exploitation without authentication. CVSS 9.8 indicates critical severity with low attack complexity.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware v05.05 or later
Vendor Advisory: https://psirt.canon/advisory-information/cp2025-001/
Restart Required: Yes
Instructions:
1. Download firmware update from Canon support site. 2. Upload firmware via printer web interface. 3. Apply update and restart printer.
🔧 Temporary Workarounds
Network segmentation
allIsolate printers on separate VLAN with strict access controls
Disable unnecessary services
allDisable CPCA font download service if not required
🧯 If You Can't Patch
- Segment printers on isolated network with firewall rules blocking unnecessary inbound connections
- Implement network monitoring for suspicious traffic to printer IPs on port 9100/tcp and other printing ports
🔍 How to Verify
Check if Vulnerable:
Check firmware version in printer web interface under Settings > Device InformationCheck Version:
N/A - Use printer web interface or physical displayVerify Fix Applied:
Confirm firmware version is v05.05 or later in device information📡 Detection & Monitoring
Log Indicators:
- Printer crash/reboot logs
- Unusual font download attempts in printer logs
Network Indicators:
- Unusual traffic to printer port 9100/tcp
- Malformed font download packets
SIEM Query:
source_ip=* dest_ip=printer_ip port=9100 AND (payload_size>normal OR malformed_packet)🔗 References
- https://canon.jp/support/support-info/250127vulnerability-response
- https://psirt.canon/advisory-information/cp2025-001/
- https://www.canon-europe.com/support/product-security/#news
- https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers
