Vital Bugs in Canon Printers Permit Code Execution, DDoS
Canon has patched seven vital buffer-overflow bugs affecting its small workplace multifunction printers and laser printers.
Tracked as CVE-2023-6229 via CVE-2023-6234 (plus CVE-2024-0244), they have an effect on completely different processes frequent throughout Canon’s product traces – the username or password course of concerned with authenticating cell gadgets, for instance, the Service Location Protocol (SLP) attribute request course of, and extra.
The corporate assigned all of them “vital” 9.8 out of 10 rankings on the Widespread Vulnerability Scoring System (CVSS) scale. As defined in a safety advisory, they’ll enable unauthenticated attackers to remotely carry out denial of service (DoS) or arbitrary code execution in opposition to any affected printers related on to the Web. Additionally they supply a useful pivot level to burrow deeper into sufferer networks.
No exploitations have been noticed within the wild as of but, in keeping with the corporate’s European web site, however house owners ought to scan for indicators of compromise provided that the bugs have been publicly recognized however unpatched for months.
Exhausting to Deal with: The Downside With Printer Safety
The seven vulnerabilities patched on Feb. 5 have been revealed alongside dozens of others at Pwn2Own Toronto’s SOHO Smashup final summer time, the place contestants have been invited to breach routers after which the small workplace/dwelling workplace (SOHO) gadgets they hook up with.
Printers, so hardly ever acknowledged as fertile grounds for cyberattacks, got their very own class on the occasion.
“It is a fairly large assault floor proper now that is typically missed, particularly in small companies, as a result of it is onerous to handle from an enterprise degree,” explains Dustin Childs, head of risk consciousness for Development Micro’s Zero Day Initiative (ZDI), which runs the Pwn2Own hacking contest. “I imply, it is not like printers have automated updates or different options that you should use to handle them cleanly and simply.”
He provides, “printers have all the time been form of infamous for being finicky. You possibly can return to Workplace Area — one of many massive scenes the place they took a baseball bat to the printer. It is a joke, nevertheless it’s a joke that is based mostly in actuality. This stuff are troublesome to handle. The drivers are troublesome to handle. And there is plenty of problematic software program on them.”
Because of this, an outdated workplace printer — related to different, extra delicate gadgets in a small or midsized enterprise (SMB) community — tends to be relatively trivial to crack.
“I used to be a little bit shocked with how little they needed to work on it to search out actually workable exploits,” Childs remembers of Pwn2Own Toronto. As a living proof: “Final yr anyone performed the Mario theme on a printer. And he stated it took him longer to determine methods to play the Mario theme than to take advantage of the printer.”
What SMBs Can Do About Printer Safety Chaos
Past the plain step of updating to the newest firmware, Canon is advising its prospects to “set a personal IP deal with for the merchandise and create a community atmosphere with a firewall or wired/Wi-Fi router that may prohibit community entry.”
The recommendation speaks to a bigger level: that even when printers are thick and unwieldy, what’s manageable is their connectivity.
“It was that there have been, consider it or not, Web-addressable printers. What companies have accomplished is that they’ve gotten printers off the Web, which is a change during the last decade. Now we have got them behind not less than a firewall, or router, or one thing,” Childs explains.
Nevertheless, he provides, “as we have seen with PrintNightmare and different printer-based exploits, you may get previous that firewall after which assault a printer, then pivot from that to different targets inside an enterprise.” To stop a printer compromise from reaching additional right into a community, SMBs have to concentrate on correctly segmenting completely different areas of their networks.
One of the best ways to guard the printers themselves, in the meantime, is to patch. As Childs remembers, “I am unable to let you know what number of instances I’ve heard of printers that have been exploited that have been three or 4 updates behind.”