CVE-2020-16849

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

n issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.

References

Link	Resource
https://blog.scadafence.com/vulnerability-report-cve-2020-16849	Third Party Advisory
https://www.canon-europe.com/support/product-security/	Vendor Advisory
https://blog.scadafence.com/vulnerability-report-cve-2020-16849	Third Party Advisory
https://www.canon-europe.com/support/product-security/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:canon:mf237w_firmware:06.07:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf237w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:canon:mf113w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf113w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:canon:mf212w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf212w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:canon:mf216n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf216n:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:canon:mf217w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf217w:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:canon:mf226dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf226dn:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:canon:mf229dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf229dw:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:canon:mf231_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf231:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:canon:mf232w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf232w:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:canon:mf244dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf244dw:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:canon:mf247dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf247dw:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:canon:mf249dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf249dw:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:canon:mf264dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf264dw:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:canon:mf267dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf267dw:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:canon:mf269dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf269dw:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:canon:mf4570dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf4570dn:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:canon:mf4580dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf4580dn:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:canon:mf4780w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf4780w:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:canon:mf4870dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf4870dn:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:canon:mf4890dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:mf4890dw:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:canon:lbp113w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp113w:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:canon:lbp151dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp151dw:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:canon:lbp162dw_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:lbp162dw:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:canon:ir2202n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:ir2202n:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:canon:ir2204n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:ir2204n:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:canon:ir2204f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:ir2204f:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:canon:ir2206n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:ir2206n:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:canon:ir2206if_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:canon:ir2206if:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:07

Type	Values Removed	Values Added
References	~~() https://blog.scadafence.com/vulnerability-report-cve-2020-16849 - Third Party Advisory~~	() https://blog.scadafence.com/vulnerability-report-cve-2020-16849 - Third Party Advisory
References	~~() https://www.canon-europe.com/support/product-security/ - Vendor Advisory~~	() https://www.canon-europe.com/support/product-security/ - Vendor Advisory

Information

Published : 2020-11-30 22:15

Updated : 2024-11-21 05:07

NVD link : CVE-2020-16849

Mitre link : CVE-2020-16849

CVE.ORG link : CVE-2020-16849

JSON object : View

Products Affected

canon

CWE

NVD-CWE-Other

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-16849

7.5^/10

5.0^/10

Attach tags to `CVE-2020-16849`