On August 23rd, 2021, a software vulnerability once again surfaced in equipment used by enterprises. Specifically, it affects a software component of the Canon Océ printer line, large-format printers that are popular in the industry. Fresh reports from CVE (Common Vulnerabilities and Exposures) reveal that the issue is a Canon Océ Print Exec Workgroup vulnerability affecting Canon enterprise products. According to official Canon documentation, “Océ Print Exec Workgroup is a software application which allows you to create and send, in a highly productive way, a set of drawing files to an Océ printer.”
The Canon Océ Print Exec Workgroup Vulnerability
On August 23rd, 2021, the public CVE database revealed XSS and host header injection vulnerabilities in Canon’s Océ Print Exec Workgroup 1.3.2 software. Such vulnerabilities can allow a remote attacker to escalate privileges and can impact confidentiality, integrity, and availability in general.
In-Depth Details
A vulnerability classified as critical has been discovered in Canon Océ Print Exec Workgroup 1.3.2. The Host Header Handler component is affected through unknown processing: manipulation with an unknown input leads to potential privilege escalation. An unknown function of the Parameter Handler component is also affected, which can lead to cross-site scripting. An attacker may thus inject arbitrary HTML and script code into the website, potentially allowing attacks against visitors of the website. Further information suggests that an attacker may also be able to inject harmful payloads (malware) that can manipulate server-side behavior. The vulnerabilities have been assigned the CVE IDs CVE-2021-39367 and CVE-2021-39368. According to security research information, the vulnerability is easy to exploit (abuse) once the local network is accessed.
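As an added illustration (not Canon's code and not taken from the CVE entries), the Python sketch below shows how a filter placed in front of such a web application could screen requests for the two input classes described above: a Host header outside an allowlist, and request parameters carrying HTML markup. The hostnames, path and parameter names are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: the names under which the print server is legitimately reached.
ALLOWED_HOSTS = {"printexec.example.internal", "printexec.example.internal:8080"}
MARKUP_CHARS = set("<>\"'")

def parse_request(raw: str):
    """Split a raw HTTP/1.1 request head into (target, list of header pairs)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return target, headers

def screen_request(raw: str):
    """Return a list of findings; an empty list means the request passed."""
    findings = []
    target, headers = parse_request(raw)
    hosts = [v for n, v in headers if n == "host"]
    # Exactly one Host header, matching the allowlist case-insensitively.
    if len(hosts) != 1:
        findings.append("host: expected exactly one Host header")
    elif hosts[0].lower() not in ALLOWED_HOSTS:
        findings.append(f"host: {hosts[0]!r} not in allowlist")
    # Headers that some frameworks use to override Host.
    for n, v in headers:
        if n in ("x-forwarded-host", "x-host", "forwarded"):
            findings.append(f"host-override: {n} present")
    # parse_qsl percent-decodes, so encoded markup is seen in decoded form.
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if MARKUP_CHARS & set(key + value):
            findings.append(f"param: {key!r} contains markup characters")
    return findings

# Constructed sample requests (hostnames, path and parameters are made up).
GOOD = "GET /jobs?name=plan-A1 HTTP/1.1\r\nHost: printexec.example.internal\r\n\r\n"
BAD_HOST = "GET /jobs HTTP/1.1\r\nHost: other.example.net\r\n\r\n"
BAD_PARAM = ("GET /jobs?name=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1\r\n"
             "Host: printexec.example.internal\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("good", GOOD), ("bad host", BAD_HOST), ("bad param", BAD_PARAM)):
        print(label, screen_request(req))
```

A screen like this only reduces exposure at the network edge; it does not replace a vendor fix in the application itself.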
Important Information For Users
As of right now, there is no security fix for the vulnerability. According to the U.S. government’s National Vulnerability Database, both vulnerability codes are still “undergoing analysis.” Users of Canon Océ products are advised to contact Canon support about this issue as soon as possible.