Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-16849

An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.

Published

2020-11-30T22:15:10.777

Last Modified

2024-11-21T05:07:15.857

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	canon	mf237w_firmware	06.07	Yes
Hardware	canon	mf237w	-	No
Operating System	canon	mf113w_firmware	-	Yes
Hardware	canon	mf113w	-	No
Operating System	canon	mf212w_firmware	-	Yes
Hardware	canon	mf212w	-	No
Operating System	canon	mf216n_firmware	-	Yes
Hardware	canon	mf216n	-	No
Operating System	canon	mf217w_firmware	-	Yes
Hardware	canon	mf217w	-	No
Operating System	canon	mf226dn_firmware	-	Yes
Hardware	canon	mf226dn	-	No
Operating System	canon	mf229dw_firmware	-	Yes
Hardware	canon	mf229dw	-	No
Operating System	canon	mf231_firmware	-	Yes
Hardware	canon	mf231	-	No
Operating System	canon	mf232w_firmware	-	Yes
Hardware	canon	mf232w	-	No
Operating System	canon	mf244dw_firmware	-	Yes
Hardware	canon	mf244dw	-	No
Operating System	canon	mf247dw_firmware	-	Yes
Hardware	canon	mf247dw	-	No
Operating System	canon	mf249dw_firmware	-	Yes
Hardware	canon	mf249dw	-	No
Operating System	canon	mf264dw_firmware	-	Yes
Hardware	canon	mf264dw	-	No
Operating System	canon	mf267dw_firmware	-	Yes
Hardware	canon	mf267dw	-	No
Operating System	canon	mf269dw_firmware	-	Yes
Hardware	canon	mf269dw	-	No
Operating System	canon	mf4570dn_firmware	-	Yes
Hardware	canon	mf4570dn	-	No
Operating System	canon	mf4580dn_firmware	-	Yes
Hardware	canon	mf4580dn	-	No
Operating System	canon	mf4780w_firmware	-	Yes
Hardware	canon	mf4780w	-	No
Operating System	canon	mf4870dn_firmware	-	Yes
Hardware	canon	mf4870dn	-	No
Operating System	canon	mf4890dw_firmware	-	Yes
Hardware	canon	mf4890dw	-	No
Operating System	canon	lbp113w_firmware	-	Yes
Hardware	canon	lbp113w	-	No
Operating System	canon	lbp151dw_firmware	-	Yes
Hardware	canon	lbp151dw	-	No
Operating System	canon	lbp162dw_firmware	-	Yes
Hardware	canon	lbp162dw	-	No
Operating System	canon	ir2202n_firmware	-	Yes
Hardware	canon	ir2202n	-	No
Operating System	canon	ir2204n_firmware	-	Yes
Hardware	canon	ir2204n	-	No
Operating System	canon	ir2204f_firmware	-	Yes
Hardware	canon	ir2204f	-	No
Operating System	canon	ir2206n_firmware	-	Yes
Hardware	canon	ir2206n	-	No
Operating System	canon	ir2206if_firmware	-	Yes
Hardware	canon	ir2206if	-	No

References

https://blog.scadafence.com/vulnerability-report-cve-2020-16849 Third Party Advisory ([email protected])
https://www.canon-europe.com/support/product-security/ Vendor Advisory ([email protected])
https://blog.scadafence.com/vulnerability-report-cve-2020-16849 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.canon-europe.com/support/product-security/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)