Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-20877

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.

Published

2022-02-08T11:15:07.663

Last Modified

2024-11-21T05:47:20.040

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	canon	2204f	-	Yes
Hardware	canon	2204n	-	Yes
Hardware	canon	2206if	-	Yes
Hardware	canon	lbp113w	-	Yes
Hardware	canon	lbp151dw	-	Yes
Hardware	canon	lbp162	-	Yes
Hardware	canon	lbp162dw	-	Yes
Hardware	canon	lbp162l	-	Yes
Hardware	canon	mf113w	-	Yes
Hardware	canon	mf212w	-	Yes
Hardware	canon	mf217w	-	Yes
Hardware	canon	mf222dw	-	Yes
Hardware	canon	mf224dw	-	Yes
Hardware	canon	mf227dw	-	Yes
Hardware	canon	mf229dw	-	Yes
Hardware	canon	mf232w	-	Yes
Hardware	canon	mf237w	-	Yes
Hardware	canon	mf242dw	-	Yes
Hardware	canon	mf244dw	-	Yes
Hardware	canon	mf245dw	-	Yes
Hardware	canon	mf247dw	-	Yes
Hardware	canon	mf249dw	-	Yes
Hardware	canon	mf262dw	-	Yes
Hardware	canon	mf264dw	-	Yes
Hardware	canon	mf265dw	-	Yes
Hardware	canon	mf267dw	-	Yes
Hardware	canon	mf269dw	-	Yes
Hardware	canon	mf269dw_vp	-	Yes
Hardware	canon	mf4570dn	-	Yes
Hardware	canon	mf4570dw	-	Yes
Hardware	canon	mf4770n	-	Yes
Hardware	canon	mf4780w	-	Yes
Hardware	canon	mf4880dw	-	Yes
Hardware	canon	mf4890dw	-	Yes

References

https://cweb.canon.jp/e-support/info/211221xss.html Vendor Advisory ([email protected])
https://jvn.jp/en/jp/JVN64806328/index.html Third Party Advisory ([email protected])
https://jvn.jp/jp/JVN64806328/index.html Third Party Advisory ([email protected])
https://www.canon-europe.com/support/product-security-latest-news/ Vendor Advisory ([email protected])
https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/Service-Notice-Canon-Laser-Printer-and-Small-Office-Multifunctional-Printer-related-to-cross-site-scripting Vendor Advisory ([email protected])
https://cweb.canon.jp/e-support/info/211221xss.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jvn.jp/en/jp/JVN64806328/index.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jvn.jp/jp/JVN64806328/index.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.canon-europe.com/support/product-security-latest-news/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/Service-Notice-Canon-Laser-Printer-and-Small-Office-Multifunctional-Printer-related-to-cross-site-scripting Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)