
DIVD-2022-00042 - Canon print portals facing the internet

Our reference DIVD-2022-00042
Case lead Lennaert Oudshoorn
Author Simon Kort
Researcher(s)
  • Simon Kort
CVE(s)
Product Canon printer webportals
Versions Version independent
Recommendation If you received a notification about this case, then your Canon print portal was detected as having one or more of the three vulnerabilities listed below. DIVD recommends shielding Canon print portals from the internet through a proxy or an extra login, or by not exposing the portal to the internet at all. Canon does not provide guidance, nor will it fix the CVE that is associated with one of the vulnerabilities.
Patch status Not available
Status Open
Last modified 08 Dec 2022 16:28

Summary

Canon network printers come with a print portal. In this portal you can see the status of your printer, upload files to print and generally manage the printer. These portals are effectively websites, and they can also be exposed to the internet. A malicious user could abuse the print portal and take control of your printer. There are three vulnerabilities in the print portal. If you have received a notification about this case, then your print portal is vulnerable to one or more of them.

Open print portal

The print portal can have no authentication set up at all. In this case a malicious user can immediately do whatever they want with the printer.

Guest user login

The print portal is set up to allow ‘guest’ users who do not need any credentials but can still do whatever they want with the printer.

CVE-2021-38154: Canon device Catwalk server privilege escalation

In print portal versions released between 2012 and 2020, the PIN-code authentication option can sometimes be bypassed by using the PIN ‘0000’. This gives full access to the print portal.

What you can do

Limit who has access to the print portal and from where. Turn on authentication on the print portal. If the print portal is affected by CVE-2021-38154, consider setting up HTTP basic authentication in addition to the Canon authentication process. A load balancer with a login from an identity provider in front of the print portal can mitigate the risk as well. Canon has not patched this vulnerability. Another option is to make the print portal reachable only from trusted network segments.
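One way to put the extra login and the network restriction described above in front of a print portal is an nginx reverse proxy. The configuration below is an added example, not taken from the advisory or from Canon; the hostname, the printer address (192.0.2.10, a documentation range), the trusted network range and the file paths are assumed placeholders.

```nginx
# Added example (not from the DIVD advisory or Canon): an nginx reverse proxy
# in front of a Canon print portal that adds a second login plus a network
# allow-list. Assumed values: printer at 192.0.2.10, trusted office range
# 10.20.0.0/16, hostname, TLS and htpasswd paths.

server {
    listen 443 ssl;
    server_name print.example.internal;               # assumed hostname

    ssl_certificate     /etc/nginx/tls/print.crt;     # assumed paths
    ssl_certificate_key /etc/nginx/tls/print.key;

    # 1. Network restriction: only trusted segments reach the proxy at all.
    allow 10.20.0.0/16;
    allow 127.0.0.1;
    deny  all;

    # 2. Extra login in front of the Canon authentication. The portal itself
    #    (open, guest login, or the PIN bypass of CVE-2021-38154) is never
    #    reached without these credentials; "satisfy all" is the default,
    #    so both the allow-list and the login must pass.
    auth_basic           "Print portal";
    auth_basic_user_file /etc/nginx/print-portal.htpasswd;

    location / {
        proxy_pass http://192.0.2.10/;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # An empty value drops the header, so the proxy's own Basic
        # credentials are not forwarded to the printer's login.
        proxy_set_header Authorization "";
    }
}

# Plain HTTP is redirected so the credentials are never sent in the clear.
server {
    listen 80;
    server_name print.example.internal;
    return 301 https://$host$request_uri;
}
```

Create the credential file with `htpasswd -c /etc/nginx/print-portal.htpasswd <user>` (apache2-utils / httpd-tools), and firewall the printer so that only the proxy host can reach it directly; otherwise the proxy can simply be bypassed.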

What we are doing

Timeline

Date Description
18 Aug 2022 Scanning for vulnerable Canon print portals begins
11 Nov 2022 Owners of vulnerable systems are informed

More information