Regarding the Security Advisory for Canon Laser Printer and Small Office Multifunctional Printer Related to IP Stack Protocol
Thank you for using Canon Products.
SCADAfence Ltd, a cybersecurity company headquartered in Israel, has drawn to our attention the vulnerabilities related to the IP stack protocol, which is used by Canon Laser Printer and Small office Multifunctional Printer. (CVE-2020-16849)
Due to these vulnerabilities, a potential risk exists for a third-party attack on the printer if it is connected to a PC and fragmentary “Address book” or/and “administrator password” has been accessed through an unsecured network. When HTTPS is used for accessing the Remote UI, it is secure as those data are encrypted.
There have not been any confirmed cases of these vulnerabilities being exploited to cause harm, but to ensure that our customers' confidentiality and can use our products securely, we would like to request you to update firmware for the products mentioned below.
Furthermore, we recommend you to set a private IP address for the products and create a network environment with a firewall or Wi-Fi router that can restrict network access.
We have outlined several security measures to ensure customers can continue to use their Canon products more securely, please refer to “Regarding security for products connected to a network” here.
For imageCLASS products, please proceed to our support website for firmware download.
For imageRUNNER products, please contact your local Canon service representative for support.
First posted on 30 Sep 2020