CVE-2020-16849

An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://blog.scadafence.com/vulnerability-report-cve-2020-16849	Third Party Advisory
https://www.canon-europe.com/support/product-security/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:canon:mf237w_firmware:06.07:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf237w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:canon:mf113w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf113w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:canon:mf212w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf212w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:canon:mf216n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf216n:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:canon:mf217w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf217w:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:canon:mf226dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf226dn:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:canon:mf229dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf229dw:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:canon:mf231_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf231:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:canon:mf232w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf232w:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:canon:mf244dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf244dw:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:canon:mf247dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf247dw:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:canon:mf249dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf249dw:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:canon:mf264dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf264dw:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:canon:mf267dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf267dw:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:canon:mf269dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf269dw:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:canon:mf4570dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf4570dn:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:canon:mf4580dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf4580dn:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:canon:mf4780w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf4780w:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:canon:mf4870dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf4870dn:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:canon:mf4890dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf4890dw:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:canon:lbp113w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp113w:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:canon:lbp151dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp151dw:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:canon:lbp162dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp162dw:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:canon:ir2202n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:ir2202n:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:canon:ir2204n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:ir2204n:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:canon:ir2204f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:ir2204f:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:canon:ir2206n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:ir2206n:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:canon:ir2206if_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:ir2206if:-:*:*:*:*:*:*:*

Information

Published : 2020-11-30 14:15

Updated : 2020-12-04 09:38

NVD link : CVE-2020-16849

Mitre link : CVE-2020-16849

JSON object : View

CWE

NVD-CWE-Other

Products Affected

canon

mf4780w
mf247dw
lbp151dw
ir2204n_firmware
mf231
mf232w_firmware
ir2204f_firmware
mf212w
mf247dw_firmware
ir2206if
mf237w
mf244dw_firmware
ir2204f
mf229dw
mf226dn_firmware
mf4580dn
ir2206n
mf229dw_firmware
mf244dw
mf4890dw_firmware
mf216n_firmware
mf216n
mf4570dn
mf264dw_firmware
mf264dw
ir2202n
mf113w
mf4580dn_firmware
lbp151dw_firmware
ir2202n_firmware
mf232w
mf267dw
mf4570dn_firmware
mf226dn
mf4780w_firmware
mf217w_firmware
ir2204n
mf269dw
ir2206if_firmware
mf4870dn_firmware
mf237w_firmware
mf4890dw
lbp162dw_firmware
mf113w_firmware
ir2206n_firmware
mf269dw_firmware
mf249dw_firmware
mf4870dn
mf212w_firmware
lbp162dw
mf267dw_firmware
mf231_firmware
mf217w
lbp113w
lbp113w_firmware
mf249dw

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-16849

7.5^/10

5.0^/10

Attach tags to `CVE-2020-16849`