Vulnerability CVE-2008-0303


Published: 2008-02-28   Modified: 2012-02-12

Description:
The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.

Type:

CWE-DesignError

Vendor: Canon
Product: I-sensys 
Version:
lbp5360
lbp3460
lbp3360
Product: Imagerunner 
Version:
clc5151
clc4040
c6880i
c6880
c6870i
c5880i
c5880
c5870i
c5870
c5185i
c4580i
c4080i
c3380i
c3380
c3220n
c2880i
c2880
c2620n
c2620
c2380i
85plus
8070
7105
7095p
7095
7086
6800cn
6800c
6570
5800cn
5800c
5570
5075n
5075
5065n
5065
5055n
5055
4570
3570
3530
3180ci
3180c
3170ci
3170c
3045n
3045
3035n
3035
3025n
3025
2870
2570ci
2570c
2270
2230
105plus
Product: Imagepress 
Version: c1;
Product: Imagerunner c6800 
Product: Imagerunner 6870 
Product: Imagerunner 9070 
Product: Imagerunner 2620 
Product: Imagerunner c3220 
Product: Imagerunner 5020 
Product: Imagerunner 8500 
Product: Imagerunner c3200 
Product: Imagerunner 5000i 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial

 References:
http://www.kb.cert.org/vuls/id/568073
http://www.usa.canon.com/html/security/pdf/CVA-001.pdf
http://www.securityfocus.com/bid/28042
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html
http://jvn.jp/en/jp/JVN10056705/index.html
http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack
http://securitytracker.com/id?1019528

Related CVE
CVE-2018-12111
Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI.
CVE-2018-12049
** DISPUTED ** A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded t...
CVE-2018-12048
** DISPUTED ** A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that...
CVE-2018-11711
** DISPUTED ** A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedl...
CVE-2018-11692
** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedl...
CVE-2015-5631
Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators.
CVE-2013-4615
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct reques...
CVE-2013-4614
English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive informati...

Copyright 2019, cxsecurity.com

 

Back to Top