A critical vulnerability has been identified in the firmware of multiple Canon Small Office Multifunction and Laser Printers. This flaw, with a CVSS score of 9.8, allows an unauthenticated attacker on the same network to remotely crash the device or execute arbitrary code, potentially leading to a complete system compromise, data theft, or using the printer as a foothold to attack the wider corporate network.

The vulnerability is an "invalid free" memory corruption flaw within the CPCA (Canon Page Composer Architecture) file deletion processing component. An unauthenticated attacker on the same local network segment can send a specially crafted request to the printer to trigger this flaw. Successful exploitation can corrupt the device's memory, leading to two primary outcomes: a denial-of-service (DoS) condition where the printer becomes unresponsive and requires a restart, or more severely, remote code execution (RCE) which grants the attacker full control over the device.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation can have a significant negative impact on the business. A denial-of-service attack could halt all printing, scanning, and copying functions, causing major operational disruptions. More critically, successful remote code execution would allow an attacker to compromise the printer, providing them a pivot point into the internal network, a platform to exfiltrate sensitive documents that are printed or scanned, and the ability to install persistent malware. The compromise of a network-connected printer can lead to a serious data breach and undermine the security of the entire corporate network.

Immediate Action: Identify all affected printer models within the environment and update their firmware to a version later than v06.02 as recommended by the vendor. After patching, monitor the devices for any unusual behavior and review network and device access logs for signs of attempted exploitation.

Proactive Monitoring:

• Monitor network traffic to and from affected printers for unusual patterns or malicious-looking requests, particularly those targeting file management services.
• Implement logging for printer activity and review these logs for unexpected reboots, configuration changes, or access from unauthorized IP addresses.
• Utilize a Network Intrusion Detection System (NIDS) with updated signatures to detect and alert on potential exploitation attempts against this vulnerability.

Compensating Controls:

• If immediate patching is not feasible, isolate printers onto a dedicated, restricted network segment (VLAN) to limit their exposure.
• Implement strict Access Control Lists (ACLs) to ensure that only authorized systems (e.g., print servers, specific administrative workstations) can communicate with the printers.
• Disable any unnecessary services or protocols on the printers to reduce the overall attack surface.

Public Exploit Available: false

Given the critical severity (CVSS 9.8) and the risk of remote code execution, this vulnerability poses a severe threat to the organization. We strongly recommend that all affected printer models are patched immediately. While this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion. Organizations should treat this vulnerability with the highest priority and implement compensating controls, such as network segmentation, without delay to mitigate risk while the patching process is underway.