Vulnerability CVE-2021-20877


Published: 2022-02-08

Description:
Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.

Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software:
Canon -> Mf232w 
Canon -> Mf4780w 
Canon -> 2204f 
Canon -> Mf237w 
Canon -> Mf4880dw 
Canon -> 2204n 
Canon -> Mf242dw 
Canon -> Mf4890dw 
Canon -> 2206if 
Canon -> Mf244dw 
Canon -> Lbp113w 
Canon -> Mf245dw 
Canon -> Lbp151dw 
Canon -> Mf247dw 
Canon -> Lbp162 
Canon -> Mf249dw 
Canon -> Lbp162dw 
Canon -> Mf262dw 
Canon -> Lbp162l 
Canon -> Mf264dw 
Canon -> Mf113w 
Canon -> Mf265dw 
Canon -> Mf212w 
Canon -> Mf267dw 
Canon -> Mf217w 
Canon -> Mf269dw 
Canon -> Mf222dw 
Canon -> Mf269dw vp 
Canon -> Mf224dw 
Canon -> Mf4570dn 
Canon -> Mf227dw 
Canon -> Mf4570dw 
Canon -> Mf229dw 
Canon -> Mf4770n 

 References:
https://cweb.canon.jp/e-support/info/211221xss.html
https://jvn.jp/en/jp/JVN64806328/index.html
https://jvn.jp/jp/JVN64806328/index.html
https://www.canon-europe.com/support/product-security-latest-news/
https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/Service-Notice-Canon-Laser-Printer-and-Small-Office-Multifunctional-Printer-related-to-cross-site-scripting

Copyright 2024, cxsecurity.com
