CVE-2022-24673
Published: 28 March 2023
Summary
CVE-2022-24673 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Canon D1620 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 9.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
This vulnerability is a stack-based buffer overflow in the SLP protocol handler of the Canon imageCLASS MF644Cdw printer running firmware version 10.02. The flaw, tracked as ZDI-CAN-15845 and assigned CWE-121 and CWE-787, stems from missing bounds checks on attacker-supplied data copied into a fixed-length buffer and carries a CVSS 3.1 score of 9.8.
Unauthenticated remote attackers can send specially crafted SLP packets over the network to trigger the overflow, achieving arbitrary code execution with root privileges on the affected printer. No user interaction or credentials are required, and the attack can be launched from any reachable network position.
Canon has issued product advisories that describe firmware-level measures to address the buffer overflow, while the Zero Day Initiative has published the corresponding technical advisory detailing the issue.
The EPSS score for this CVE rose from a low baseline to a peak of 0.0917, indicating measurable post-disclosure exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-29545
Vulnerability details
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.