Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-0303

The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.

Security Impact Summary

CVE-2008-0303 is a security vulnerability that . Impacting 12 products from canon, from canon, from canon and 9 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2008, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2008-02-29T02:44:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	canon	i-sensys	lbp3360	Yes
Application	canon	i-sensys	lbp3460	Yes
Application	canon	i-sensys	lbp5360	Yes
Application	canon	imagepress	c1	Yes
Application	canon	imagerunner	85plus	Yes
Application	canon	imagerunner	105plus	Yes
Application	canon	imagerunner	2230	Yes
Application	canon	imagerunner	2270	Yes
Application	canon	imagerunner	2570c	Yes
Application	canon	imagerunner	2570ci	Yes
Application	canon	imagerunner	2870	Yes
Application	canon	imagerunner	3025	Yes
Application	canon	imagerunner	3025n	Yes
Application	canon	imagerunner	3035	Yes
Application	canon	imagerunner	3035n	Yes
Application	canon	imagerunner	3045	Yes
Application	canon	imagerunner	3045n	Yes
Application	canon	imagerunner	3170c	Yes
Application	canon	imagerunner	3170ci	Yes
Application	canon	imagerunner	3180c	Yes
Application	canon	imagerunner	3180ci	Yes
Application	canon	imagerunner	3530	Yes
Application	canon	imagerunner	3570	Yes
Application	canon	imagerunner	4570	Yes
Application	canon	imagerunner	5055	Yes
Application	canon	imagerunner	5055n	Yes
Application	canon	imagerunner	5065	Yes
Application	canon	imagerunner	5065n	Yes
Application	canon	imagerunner	5075	Yes
Application	canon	imagerunner	5075n	Yes
Application	canon	imagerunner	5570	Yes
Application	canon	imagerunner	5800c	Yes
Application	canon	imagerunner	5800cn	Yes
Application	canon	imagerunner	6570	Yes
Application	canon	imagerunner	6800c	Yes
Application	canon	imagerunner	6800cn	Yes
Application	canon	imagerunner	7086	Yes
Application	canon	imagerunner	7095	Yes
Application	canon	imagerunner	7095p	Yes
Application	canon	imagerunner	7105	Yes
Application	canon	imagerunner	8070	Yes
Application	canon	imagerunner	c2380i	Yes
Application	canon	imagerunner	c2620	Yes
Application	canon	imagerunner	c2620n	Yes
Application	canon	imagerunner	c2880	Yes
Application	canon	imagerunner	c2880i	Yes
Application	canon	imagerunner	c3220n	Yes
Application	canon	imagerunner	c3380	Yes
Application	canon	imagerunner	c3380i	Yes
Application	canon	imagerunner	c4080i	Yes
Application	canon	imagerunner	c4580i	Yes
Application	canon	imagerunner	c5185i	Yes
Application	canon	imagerunner	c5870	Yes
Application	canon	imagerunner	c5870i	Yes
Application	canon	imagerunner	c5880	Yes
Application	canon	imagerunner	c5880i	Yes
Application	canon	imagerunner	c6870i	Yes
Application	canon	imagerunner	c6880	Yes
Application	canon	imagerunner	c6880i	Yes
Application	canon	imagerunner	clc4040	Yes
Application	canon	imagerunner	clc5151	Yes
Application	canon	imagerunner_2620	*	Yes
Application	canon	imagerunner_5000i	*	Yes
Application	canon	imagerunner_5020	*	Yes
Application	canon	imagerunner_6870	*	Yes
Application	canon	imagerunner_8500	*	Yes
Application	canon	imagerunner_9070	*	Yes
Application	canon	imagerunner_c3200	*	Yes
Application	canon	imagerunner_c3220	*	Yes
Application	canon	imagerunner_c6800	*	Yes

References

http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack ([email protected])
http://jvn.jp/en/jp/JVN10056705/index.html ([email protected])
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html ([email protected])
http://securitytracker.com/id?1019528 ([email protected])
http://www.kb.cert.org/vuls/id/568073 US Government Resource ([email protected])
http://www.securityfocus.com/bid/28042 ([email protected])
http://www.usa.canon.com/html/security/pdf/CVA-001.pdf ([email protected])
http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack (af854a3a-2127-422b-91ae-364da2661108)
http://jvn.jp/en/jp/JVN10056705/index.html (af854a3a-2127-422b-91ae-364da2661108)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000013.html (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1019528 (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/568073 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/28042 (af854a3a-2127-422b-91ae-364da2661108)
http://www.usa.canon.com/html/security/pdf/CVA-001.pdf (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For canon's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.