{ "id": "CVE-2021-20877", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2022-02-08T11:15:07.663", "lastModified": "2022-02-14T21:07:30.460", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors." 
}, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting en las impresoras l\u00e1ser y multifuncionales de peque\u00f1a oficina de Canon (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, y MF229dw/MF224dw/MF222dw vendidos en Jap\u00f3n, la serie MF imageCLASS (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, y MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) y la serie imageCLASS LBP (LBP113W/LBP151DW/LBP162DW) vendidas en EE.UU., e iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w y MF4890dw) e imageRUNNER (2206IF, 2204N y 2204F) vendidos en Europa) permite a atacantes remotos inyectar un script arbitrario por medio de vectores no especificados." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.7, "impactScore": 2.7 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 3.5 }, "baseSeverity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", 
"description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:h:canon:2204f:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CE733C2-C168-44DB-A7CD-E843CA419DA4" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:2204n:-:*:*:*:*:*:*:*", "matchCriteriaId": "6136055F-640E-4270-AE5B-4DB7BCAD3A73" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:2206if:-:*:*:*:*:*:*:*", "matchCriteriaId": "96281AFA-FBFB-40D8-8462-EDF06654B68C" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:lbp113w:-:*:*:*:*:*:*:*", "matchCriteriaId": "1DF50F0A-0B4C-4B5C-A3D8-2B8DA5266CA6" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:lbp151dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "249B2617-22D5-4E83-9AF9-ABE3280D5330" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:lbp162:-:*:*:*:*:*:*:*", "matchCriteriaId": "18D10A1A-31C7-4B7E-B571-BF794FE90453" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:lbp162dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8006A58-6A22-44A4-873A-8C88998B3B4E" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:lbp162l:-:*:*:*:*:*:*:*", "matchCriteriaId": "862785C2-3F5F-45D6-8EAD-E81B08ED9745" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf113w:-:*:*:*:*:*:*:*", "matchCriteriaId": "10E9019D-689F-4438-AB63-0D3B4BC2D1CF" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf212w:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BFF65AB-5D73-487E-B4E0-E773922B953E" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf217w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4660CAEC-C9E9-4081-A594-1C669D98B923" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf222dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF4B2D83-45E3-4D1C-8DD5-35750C20BE00" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf224dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "98611A24-5F63-45E5-B028-1D4B0090B9B8" }, { "vulnerable": true, "criteria": 
"cpe:2.3:h:canon:mf227dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "467B13AB-4F81-466E-8F04-2030A868451B" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf229dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C8B2246-BE16-4EA0-9B3D-1A3626BF37DB" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf232w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A64DF80-8323-4DEF-991B-5657910E7504" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf237w:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC88D5BA-D54A-46AF-9F68-28BC78F1061C" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf242dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA3FD0C2-0030-45ED-A7E3-BCC91CD2EEAE" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf244dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2B39590-B870-43C0-A0E7-D293DCCBBA76" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf245dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "162D13F4-6CD5-4C31-B6A7-34AD1752BFE1" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf247dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2F8688C-F46F-4038-99F3-B2DBC0F6A4D3" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf249dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "314AC8CD-29AA-4F0C-88C0-7613645EE891" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf262dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C23914F-3BAB-4E5F-9AAC-C686554C2063" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf264dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "49944C71-0486-4D6B-B5E4-98ED236A94B2" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf265dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5164A7F-7393-4986-82B6-73748E1DBE94" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf267dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEE6904A-EA34-40FA-96C8-B45068F73ED8" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf269dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "6658823D-A276-40E2-B00C-E77583896D10" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf269dw_vp:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"D0A2F214-97CB-4998-8681-4D255169DCFE" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf4570dn:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E794B9A-280A-4DF6-BC52-9D225ABF2B88" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf4570dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E9494B2-AA76-4A03-B1A1-EA70CBC51F0B" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf4770n:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D210895-DA17-40DF-BFCF-2FF67BEA0A46" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf4780w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6C2EFBD-6421-4027-9710-2FE3A5F631D5" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf4880dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CB9F5F9-1E67-4314-85BB-6209987FBCC0" }, { "vulnerable": true, "criteria": "cpe:2.3:h:canon:mf4890dw:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F6C210A-329A-45CC-9165-77E37499E358" } ] } ] } ], "references": [ { "url": "https://cweb.canon.jp/e-support/info/211221xss.html", "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ] }, { "url": "https://jvn.jp/en/jp/JVN64806328/index.html", "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory" ] }, { "url": "https://jvn.jp/jp/JVN64806328/index.html", "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.canon-europe.com/support/product-security-latest-news/", "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/Service-Notice-Canon-Laser-Printer-and-Small-Office-Multifunctional-Printer-related-to-cross-site-scripting", "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ] } ] }