9.8
CRITICAL
CVE-2022-24673
Canon imageCLASS MF644Cdw Remote Code Execution (Stack-based Buffer Overflow)
Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

INFO

Published Date :

March 28, 2023, 7:15 p.m.

Last Modified :

April 3, 2023, 6:52 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Affected Products

The following products are affected by CVE-2022-24673 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Canon d1620_firmware
2 Canon d1650_firmware
3 Canon d1520_firmware
4 Canon d1550_firmware
5 Canon mf1127c_firmware
6 Canon mf1238_firmware
7 Canon mf1238_ii_firmware
8 Canon mf1643i_ii_firmware
9 Canon mf1643if_ii_firmware
10 Canon mf414dw_firmware
11 Canon mf416dw_firmware
12 Canon mf419dw_firmware
13 Canon mf515dw_firmware
14 Canon mf424dw_firmware
15 Canon mf426dw_firmware
16 Canon mf429dw_firmware
17 Canon mf525dw_firmware
18 Canon mf445dw_firmware
19 Canon mf448dw_firmware
20 Canon mf449dw_firmware
21 Canon mf543dw_firmware
22 Canon mf451dw_firmware
23 Canon mf452dw_firmware
24 Canon mf453dw_firmware
25 Canon mf455dw_firmware
26 Canon mf6160dw_firmware
27 Canon mf6180dw_firmware
28 Canon mf624cdw_firmware
29 Canon mf628cdw_firmware
30 Canon mf632cdw_firmware
31 Canon mf634cdw_firmware
32 Canon mf641cw_firmware
33 Canon mf642cdw_firmware
34 Canon mf644cdw_firmware
35 Canon mf726cdw_firmware
36 Canon mf729cdw_firmware
37 Canon mf731cdw_firmware
38 Canon mf733cdw_firmware
39 Canon mf735cdw_firmware
40 Canon mf741cdw_firmware
41 Canon mf743cdw_firmware
42 Canon mf745cdw_firmware
43 Canon mf746cdw_firmware
44 Canon mf810cdn_firmware
45 Canon mf820cdn_firmware
46 Canon mf8280cw_firmware
47 Canon mf8580cdw_firmware
48 Canon lbp1127c_firmware
49 Canon lbp1238_firmware
50 Canon lbp1238_ii_firmware
51 Canon lbp214dw_firmware
52 Canon lbp215dw_firmware
53 Canon lbp226dw_firmware
54 Canon lbp227dw_firmware
55 Canon lbp228dw_firmware
56 Canon lbp236dw_firmware
57 Canon lbp237dw_firmware
58 Canon lbp251dw_firmware
59 Canon lbp253dw_firmware
60 Canon lbp612cdw_firmware
61 Canon lbp622cdw_firmware
62 Canon lbp623cdw_firmware
63 Canon lbp654cdw_firmware
64 Canon lbp664cdw_firmware
65 Canon ir1435i_firmware
66 Canon 1435if_firmware
67 Canon 1435p_firmware
68 Canon 1435i\+_firmware
69 Canon 1435if\+_firmware
70 Canon 1435p\+_firmware
71 Canon ir1643i_firmware
72 Canon ir1643if_firmware
73 Canon wg7240_firmware
74 Canon wg7250_firmware
75 Canon wg7250f_firmware
76 Canon wg7250z_firmware
: Total Affected Vendor : 1 | Products : 76
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-24673.

URL Resource
https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-515/ Third Party Advisory VDB Entry

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-24673 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2022-24673 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Apr. 03, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow No Types Assigned https://www.usa.canon.com/support/canon-product-advisories/canon-laser-printer-inkjet-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow Vendor Advisory
    Changed Reference Type https://www.zerodayinitiative.com/advisories/ZDI-22-515/ No Types Assigned https://www.zerodayinitiative.com/advisories/ZDI-22-515/ Third Party Advisory, VDB Entry
    Added CWE NIST CWE-787
    Added CPE Configuration AND OR *cpe:2.3:o:canon:d1620_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:d1620:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:d1650_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:d1650:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:d1520_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:d1520:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:d1550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:d1550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf1127c_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf1127c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf1238_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf1238:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf1238_ii_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf1238_ii:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf1643i_ii_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf1643i_ii:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf1643if_ii_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf1643if_ii:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf414dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf414dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf416dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf416dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf419dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf419dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf515dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf515dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf424dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf424dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf426dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf426dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf429dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf429dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf525dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf525dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf445dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf445dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf448dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf448dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf449dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf449dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf543dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf543dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf451dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf451dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf452dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf452dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf453dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf453dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf455dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf455dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf6160dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf6160dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf6180dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf6180dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf624cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf624cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf628cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf628cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf632cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf632cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf634cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf634cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf641cw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf641cw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf642cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf642cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf644cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf644cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf726cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf726cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf729cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf729cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf731cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf731cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf733cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf733cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf735cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf735cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf741cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf741cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf743cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf743cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf745cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf745cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf746cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf746cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf810cdn_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf810cdn:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf820cdn_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf820cdn:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf8280cw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf8280cw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:mf8580cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:mf8580cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp1127c_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp1127c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp1238_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp1238:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp1238_ii_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp1238_ii:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp214dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp214dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp215dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp215dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp226dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp226dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp227dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp227dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp228dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp228dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp236dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp236dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp237dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp237dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp251dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp251dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp253dw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp253dw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp612cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp612cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp622cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp622cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp623cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp623cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp654cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp654cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:lbp664cdw_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:lbp664cdw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:ir1435i_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:ir1435i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:1435if_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:1435if:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:1435p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:1435p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:1435i\+_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:1435i\+:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:1435if\+_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:1435if\+:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:1435p\+_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:1435p\+:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:ir1643i_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:ir1643i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:ir1643if_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:ir1643if:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:wg7240_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:wg7240:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:wg7250_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:wg7250:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:wg7250f_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:wg7250f:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:canon:wg7250z_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:canon:wg7250z:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-24673 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-24673 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

1.62 }} 0.06%

score

0.87759

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: