CVE-2008-0303

The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack
http://jvn.jp/en/jp/JVN10056705/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html
http://securitytracker.com/id?1019528
http://www.kb.cert.org/vuls/id/568073	US Government Resource
http://www.securityfocus.com/bid/28042
http://www.usa.canon.com/html/security/pdf/CVA-001.pdf
http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack
http://jvn.jp/en/jp/JVN10056705/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html
http://securitytracker.com/id?1019528
http://www.kb.cert.org/vuls/id/568073	US Government Resource
http://www.securityfocus.com/bid/28042
http://www.usa.canon.com/html/security/pdf/CVA-001.pdf

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:canon:i-sensys:lbp3360:::::::*
	cpe:2.3:a:canon:i-sensys:lbp3460:::::::*
	cpe:2.3:a:canon:i-sensys:lbp5360:::::::*
	cpe:2.3:a:canon:imagepress:c1:::::::*
	cpe:2.3:a:canon:imagerunner:85plus:::::::*
	cpe:2.3:a:canon:imagerunner:105plus:::::::*
	cpe:2.3:a:canon:imagerunner:2230:::::::*
	cpe:2.3:a:canon:imagerunner:2270:::::::*
	cpe:2.3:a:canon:imagerunner:2570c:::::::*
	cpe:2.3:a:canon:imagerunner:2570ci:::::::*
	cpe:2.3:a:canon:imagerunner:2870:::::::*
	cpe:2.3:a:canon:imagerunner:3025:::::::*
	cpe:2.3:a:canon:imagerunner:3025n:::::::*
	cpe:2.3:a:canon:imagerunner:3035:::::::*
	cpe:2.3:a:canon:imagerunner:3035n:::::::*
	cpe:2.3:a:canon:imagerunner:3045:::::::*
	cpe:2.3:a:canon:imagerunner:3045n:::::::*
	cpe:2.3:a:canon:imagerunner:3170c:::::::*
	cpe:2.3:a:canon:imagerunner:3170ci:::::::*
	cpe:2.3:a:canon:imagerunner:3180c:::::::*
	cpe:2.3:a:canon:imagerunner:3180ci:::::::*
	cpe:2.3:a:canon:imagerunner:3530:::::::*
	cpe:2.3:a:canon:imagerunner:3570:::::::*
	cpe:2.3:a:canon:imagerunner:4570:::::::*
	cpe:2.3:a:canon:imagerunner:5055:::::::*
	cpe:2.3:a:canon:imagerunner:5055n:::::::*
	cpe:2.3:a:canon:imagerunner:5065:::::::*
	cpe:2.3:a:canon:imagerunner:5065n:::::::*
	cpe:2.3:a:canon:imagerunner:5075:::::::*
	cpe:2.3:a:canon:imagerunner:5075n:::::::*
	cpe:2.3:a:canon:imagerunner:5570:::::::*
	cpe:2.3:a:canon:imagerunner:5800c:::::::*
	cpe:2.3:a:canon:imagerunner:5800cn:::::::*
	cpe:2.3:a:canon:imagerunner:6570:::::::*
	cpe:2.3:a:canon:imagerunner:6800c:::::::*
	cpe:2.3:a:canon:imagerunner:6800cn:::::::*
	cpe:2.3:a:canon:imagerunner:7086:::::::*
	cpe:2.3:a:canon:imagerunner:7095:::::::*
	cpe:2.3:a:canon:imagerunner:7095p:::::::*
	cpe:2.3:a:canon:imagerunner:7105:::::::*
	cpe:2.3:a:canon:imagerunner:8070:::::::*
	cpe:2.3:a:canon:imagerunner:c2380i:::::::*
	cpe:2.3:a:canon:imagerunner:c2620:::::::*
	cpe:2.3:a:canon:imagerunner:c2620n:::::::*
	cpe:2.3:a:canon:imagerunner:c2880:::::::*
	cpe:2.3:a:canon:imagerunner:c2880i:::::::*
	cpe:2.3:a:canon:imagerunner:c3220n:::::::*
	cpe:2.3:a:canon:imagerunner:c3380:::::::*
	cpe:2.3:a:canon:imagerunner:c3380i:::::::*
	cpe:2.3:a:canon:imagerunner:c4080i:::::::*
	cpe:2.3:a:canon:imagerunner:c4580i:::::::*
	cpe:2.3:a:canon:imagerunner:c5185i:::::::*
	cpe:2.3:a:canon:imagerunner:c5870:::::::*
	cpe:2.3:a:canon:imagerunner:c5870i:::::::*
	cpe:2.3:a:canon:imagerunner:c5880:::::::*
	cpe:2.3:a:canon:imagerunner:c5880i:::::::*
	cpe:2.3:a:canon:imagerunner:c6870i:::::::*
	cpe:2.3:a:canon:imagerunner:c6880:::::::*
	cpe:2.3:a:canon:imagerunner:c6880i:::::::*
	cpe:2.3:a:canon:imagerunner:clc4040:::::::*
	cpe:2.3:a:canon:imagerunner:clc5151:::::::*
	cpe:2.3:a:canon:imagerunner_2620::::::::
	cpe:2.3:a:canon:imagerunner_5000i::::::::
	cpe:2.3:a:canon:imagerunner_5020::::::::
cpe:2.3:a:canon:imagerunner_6870::::::::
cpe:2.3:a:canon:imagerunner_8500::::::::
cpe:2.3:a:canon:imagerunner_9070::::::::
cpe:2.3:a:canon:imagerunner_c3200::::::::
cpe:2.3:a:canon:imagerunner_c3220::::::::
cpe:2.3:a:canon:imagerunner_c6800::::::::

History

21 Nov 2024, 00:41

Type	Values Removed	Values Added
References	~~() http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack -~~	() http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack -
References	~~() http://jvn.jp/en/jp/JVN10056705/index.html -~~	() http://jvn.jp/en/jp/JVN10056705/index.html -
References	~~() http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html -~~	() http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html -
References	~~() http://securitytracker.com/id?1019528 -~~	() http://securitytracker.com/id?1019528 -
References	~~() http://www.kb.cert.org/vuls/id/568073 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/568073 - US Government Resource
References	~~() http://www.securityfocus.com/bid/28042 -~~	() http://www.securityfocus.com/bid/28042 -
References	~~() http://www.usa.canon.com/html/security/pdf/CVA-001.pdf -~~	() http://www.usa.canon.com/html/security/pdf/CVA-001.pdf -

Information

Published : 2008-02-29 02:44

Updated : 2024-11-21 00:41

NVD link : CVE-2008-0303

Mitre link : CVE-2008-0303

CVE.ORG link : CVE-2008-0303

JSON object : View

Products Affected

canon

i-sensys
imagerunner_c3220
imagerunner_5020
imagerunner_8500
imagepress
imagerunner_2620
imagerunner_6870
imagerunner_c6800
imagerunner
imagerunner_c3200
imagerunner_9070
imagerunner_5000i

CWE

NVD-CWE-Other

6.4 /10