CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-12647

Medium Severity
SVRS
36/100
CVSSv3
NA/10
EPSS
0.00073/1

CVE-2024-12647 is a buffer overflow vulnerability in Canon printers. This flaw resides in the CPCA font download processing of several Small Office Multifunction and Laser Printers. An attacker on the same network segment could exploit this vulnerability to cause the printer to become unresponsive or, more severely, execute arbitrary code.

The affected printers include models from the Satera, Color imageCLASS, and i-SENSYS lines, with firmware versions v05.04 and earlier. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) of 36 indicates a moderate level of risk. Successful exploitation of this buffer overflow can lead to significant disruptions and potential arbitrary code execution. Organizations using these printers should apply the necessary firmware updates to mitigate this risk and prevent unauthorized access or control of their printing devices. This Canon printer vulnerability poses a tangible threat, highlighting the importance of proactive patching.

TAGS
Vendor-advisory
In The Wild
VECTOR STRING
PUBLICATION DATE2025-01-28
LAST MODIFIED2025-01-28
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-12647 is a critical vulnerability affecting specific models of Canon Small Office Multifunction Printers and Laser Printers. This vulnerability stems from a buffer overflow flaw within the CPCA font download processing component. Exploitation of this flaw could allow a remote attacker on the same network segment to trigger the affected device to become unresponsive or execute arbitrary code.

Despite having a high CVSS score (9.8), the SOCRadar Vulnerability Risk Score (SVRS) for this CVE is 42. This lower SVRS indicates that although the vulnerability is severe, the immediate risk is moderate. However, it's crucial to understand that this risk can escalate quickly, especially if active exploits are discovered.

Key Insights

  • Targeted Devices: This vulnerability affects specific models of Canon printers sold in Japan, US, and Europe, including the Satera MF656Cdw/MF654Cdw, Color imageCLASS MF656Cdw/MF654Cdw/MF653Cdw/MF652Cdw/LBP633Cdw/LBP632Cdw, and i-SENSYS MF657Cdw/MF655Cdw/MF651Cdw/LBP633Cdw/LBP631Cdw series. Firmware versions 05.04 and earlier are vulnerable.
  • Remote Code Execution: Successful exploitation could lead to remote code execution on the affected printer, allowing an attacker to take complete control of the device. This could be used for malicious purposes like installing malware, accessing sensitive data, or launching further attacks against other devices on the network.
  • Network-based Exploitation: The vulnerability can be exploited by attackers within the same network segment, meaning any device on the same network as the vulnerable printer could potentially be compromised.
  • Limited Public Information: At this time, there is no publicly available information regarding specific Threat Actors/APT groups exploiting CVE-2024-12647. However, the possibility of active exploitation cannot be ruled out, particularly considering the vulnerability's severity.

Mitigation Strategies

  • Update Firmware: The most effective mitigation strategy is to immediately update the firmware of all affected printers to the latest version. Canon has released patches addressing this vulnerability.
  • Network Segmentation: Implement network segmentation to isolate vulnerable printers from other sensitive systems, reducing the potential impact of a successful attack.
  • Restrict Network Access: Limit network access to the printers, allowing only necessary connections. This reduces the attack surface and makes it harder for attackers to exploit the vulnerability.
  • Monitor for Suspicious Activity: Implement security monitoring solutions that can detect unusual activity on the network and devices, including printer behavior. This can help identify and respond to potential attacks early on.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

ZDI-25-073: (Pwn2Own) Canon imageCLASS MF656Cdw listObjects2 Buffer Overflow Remote Code Execution Vulnerability
2025-04-01
ZDI-25-073: (Pwn2Own) Canon imageCLASS MF656Cdw listObjects2 Buffer Overflow Remote Code Execution Vulnerability | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-12647.
zerodayinitiative.com
rss
forum
news
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]
Ajit Jasrotia2025-02-03
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February] | This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky […] The post ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February] appeared
allhackernews.com
rss
forum
news
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February] - The Hacker News
2025-02-03
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February] - The Hacker News | News Content: This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference. Let's take a closer look at how these efforts are shaping a safer digital world. ⚡ Threat of the Week
google.com
rss
forum
news
Canon Printer Vulnerabilities Let Attackers Execute Arbitrary Code Remotely
Kaaviya Ragupathy2025-01-30
Canon Printer Vulnerabilities Let Attackers Execute Arbitrary Code Remotely | Multiple critical security vulnerabilities affecting Canon Laser Printers and Small Office Multifunctional Printers.  These vulnerabilities, identified as buffer overflow flaws, could allow attackers to execute arbitrary code remotely or render the devices inoperative through Denial-of-Service (DoS) attacks.  The affected models include the imageCLASS MF Series (MF656CDW, MF654CDW, MF653CDW, MF652CW) and imageCLASS LBP Series (LBP632CDW, LBP633CDW). […] The post Canon Printer Vulnerabilities Let Attackers Execute Arbitrary Code Remotely appeared
cybersecuritynews.com
rss
forum
news
CVE-2024-12647 | Canon Satera MF656Cdw up to 05.04 out-of-bounds write
vuldb.com2025-01-28
CVE-2024-12647 | Canon Satera MF656Cdw up to 05.04 out-of-bounds write | A vulnerability, which was classified as very critical, was found in Canon Satera MF656Cdw, Satera MF654Cdw, Color imageCLASS MF656Cdw, Color imageCLASS MF654Cdw, Color imageCLASS MF653Cdw, Color imageCLASS MF652Cdw, Color imageCLASS LBP633Cdw, Color imageCLASS LBP632Cdw, i-SENSYS MF657Cdw, i-SENSYS MF655Cdw, i-SENSYS MF651Cdw, i-SENSYS LBP633Cdw and i-SENSYS LBP631Cdw up to 05.04. Affected is an unknown function. The manipulation leads to out-of-bounds write. This
vuldb.com
rss
forum
news

Social Media

RT @Dinosn: CVE-2024-12647 (CVSS 9.8): Canon Printers at Risk of Remote Code Execution https://t.co/SIuQbE8zR9 iocs: https://securityonline.info/cve-2024-12647-cvss-9-8-canon-printers-at-risk-of-remote-code-execution/
0
5
0
CVE-2024-12647 (CVSS 9.8): Canon Printers at Risk of Remote Code Execution https://t.co/SIuQbE8zR9
0
3
6
CVE-2024-12647 (CVSS 9.8): Canon Printers at Risk of Remote Code Execution Find out about the flaws CVE-2024-12647, CVE-2024-12648, and CVE-2024-12649 in Canon Laser Printers and Small Office Multifunction Printers. Take action to secure your devices. https://t.co/dqsKW05hXz
0
0
2
🗣 CVE-2024-12647 (CVSS 9.8): Canon Printers at Risk of Remote Code Execution https://t.co/0UITSFPFLk
0
0
0
CVE-2024-12647 Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to tr… https://t.co/gIVeK9ZUxp
0
0
1
[CVE-2024-12647: CRITICAL] Cyber security alert: Buffer overflow in CPCA font download on Small Office Printers may lead to unresponsive behavior or arbitrary code execution. Firmware updates recommended.#cybersecurity,#vulnerability https://t.co/5B98RwEy6q https://t.co/W2c9rsgUEV
0
0
1

Affected Software

No affected software found for this CVE

References

ReferenceLink
F98C90F0-E9BD-4FA7-911B-51993F3571FDhttps://canon.jp/support/support-info/250127vulnerability-response
F98C90F0-E9BD-4FA7-911B-51993F3571FDhttps://psirt.canon/advisory-information/cp2025-001/
F98C90F0-E9BD-4FA7-911B-51993F3571FDhttps://www.canon-europe.com/support/product-security/#news
F98C90F0-E9BD-4FA7-911B-51993F3571FDhttps://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers
GITHUBhttps://www.canon-europe.com/support/product-security/#news

CWE Details

CWE IDCWE NameDescription
CWE-787Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence