CVE-2023-6234

CRITICAL
Published Feb 6, 2024 Modified Nov 21, 2024 CWE-787

Description

Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.

Is your site exposed to CVE-2023-6234?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-787 Out-of-bounds Write

Affected Products

Vendor Product
canon mf755cdw_firmware
canon mf755cdw
canon mf753cdw_firmware
canon mf753cdw
canon mf751cdw_firmware
canon mf751cdw
canon lbp674c_firmware
canon lbp674c
canon lbp672c_firmware
canon lbp672c
canon lbp671c_firmware
canon lbp671c
canon mf1238_ii_firmware
canon mf1238_ii
canon mf1333c_firmware
canon mf1333c
canon mf1643i_ii_firmware
canon mf1643i_ii
canon mf1643if_ii_firmware
canon mf1643if_ii
canon mf275dw_firmware
canon mf275dw
canon mf273dw_firmware
canon mf273dw
canon mf272dw_firmware
canon mf272dw
canon mf455dw_firmware
canon mf455dw
canon mf453dw_firmware
canon mf453dw
canon mf452dw_firmware
canon mf452dw
canon mf451dw_firmware
canon mf451dw
canon lbp122dw_firmware
canon lbp122dw
canon lbp1238_ii_firmware
canon lbp1238_ii
canon lbp1333c_firmware
canon lbp1333c
canon lbp237dw_firmware
canon lbp237dw
canon lbp236dw_firmware
canon lbp236dw
canon lbp674cdw_firmware
canon lbp674cdw
canon i-sensys_mf754cdw_firmware
canon i-sensys_mf754cdw
canon i-sensys_x_c1333if_firmware
canon i-sensys_x_c1333if
canon i-sensys_lbp673cdw_firmware
canon i-sensys_lbp673cdw
canon i-sensys_mf752cdw_firmware
canon i-sensys_mf752cdw
canon i-sensys_x_c1333i_firmware
canon i-sensys_x_c1333i
canon i-sensys_x_c1333p_firmware
canon i-sensys_x_c1333p

References

Frequently Asked Questions

What is CVE-2023-6234? +
Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2023-6234? +
CVE-2023-6234 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2023-6234? +
CVE-2023-6234 affects products from canon, specifically: i-sensys_lbp673cdw, i-sensys_lbp673cdw_firmware, i-sensys_mf752cdw, i-sensys_mf752cdw_firmware, i-sensys_mf754cdw, i-sensys_mf754cdw_firmware, i-sensys_x_c1333i, i-sensys_x_c1333i_firmware, i-sensys_x_c1333if, i-sensys_x_c1333if_firmware, i-sensys_x_c1333p, i-sensys_x_c1333p_firmware, lbp122dw, lbp122dw_firmware, lbp1238_ii, lbp1238_ii_firmware, lbp1333c, lbp1333c_firmware, lbp236dw, lbp236dw_firmware, lbp237dw, lbp237dw_firmware, lbp671c, lbp671c_firmware, lbp672c, lbp672c_firmware, lbp674c, lbp674c_firmware, lbp674cdw, lbp674cdw_firmware, mf1238_ii, mf1238_ii_firmware, mf1333c, mf1333c_firmware, mf1643i_ii, mf1643i_ii_firmware, mf1643if_ii, mf1643if_ii_firmware, mf272dw, mf272dw_firmware, mf273dw, mf273dw_firmware, mf275dw, mf275dw_firmware, mf451dw, mf451dw_firmware, mf452dw, mf452dw_firmware, mf453dw, mf453dw_firmware, mf455dw, mf455dw_firmware, mf751cdw, mf751cdw_firmware, mf753cdw, mf753cdw_firmware, mf755cdw, mf755cdw_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2023-6234? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2023-6234 — free, no signup required.