A critical buffer overflow vulnerability exists in the firmware of multiple Canon Small Office Multifunction Printers and Laser Printers. An attacker on the same network can send a malicious print job to exploit this flaw, potentially causing the device to crash or allowing the attacker to execute arbitrary code, leading to a complete takeover of the printer and a potential breach of the internal network.

The vulnerability is a buffer overflow within the Web Services on Devices (WSD) protocol used for print job processing. An unauthenticated attacker on the same local network segment can send a specially crafted print job to an affected device. The device's firmware fails to properly validate the size of the incoming data, allowing the attacker to write data beyond the intended buffer's boundaries. This can result in a denial-of-service (DoS) by crashing the printer or, more critically, lead to remote code execution (RCE), giving the attacker full control over the device.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have severe consequences for the organization. An attacker achieving remote code execution can gain complete control of the printer, allowing them to intercept, steal, or modify sensitive documents being printed, scanned, or copied, leading to a major data breach. The compromised printer could also be used as a persistent foothold within the network, enabling the attacker to pivot and launch further attacks against other internal systems. A less sophisticated attack could simply render the printing fleet unresponsive, causing significant disruption to business operations.

Immediate Action: Immediately identify all affected printer models within the environment and update their firmware to a version later than v06.02 as recommended by the vendor. After patching, monitor the devices for any unusual behavior and review network and device logs for any signs of attempted exploitation that may have occurred prior to the update.

Proactive Monitoring: Implement continuous monitoring of network traffic to and from the printers, specifically looking for anomalies on WSD ports (e.g., TCP 5357, UDP 3702). Monitor printer logs for unexpected reboots, crashes, or unauthorized access attempts. Utilize network intrusion detection systems (NIDS) with updated signatures to detect potential buffer overflow attack patterns targeting these devices.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Network Segmentation: Isolate printers on a dedicated VLAN with strict firewall rules, allowing access only from trusted print servers and management stations.
• Disable WSD: If the WSD protocol is not essential for business operations, disable it through the printer's administrative interface.
• Access Control: Ensure strong administrative credentials are set on all printers and restrict access to the management interface.

Public Exploit Available: false

Given the critical severity (CVSS 9.8) of this vulnerability, immediate action is required. The ability for a network-adjacent attacker to achieve remote code execution on a trusted internal device presents a significant risk to network integrity and data confidentiality. Organizations must prioritize the deployment of the vendor-supplied firmware updates to all affected printers. While this CVE is not currently on the CISA KEV list, its high impact makes it a prime candidate for future inclusion. In addition to patching, we strongly recommend implementing network segmentation for all printers as a permanent defense-in-depth security measure.