Executive Summary
Summary | |
---|---|
Title | Canon digital multifunction copiers FTP bounce vulnerability |
Informations | |||
---|---|---|---|
Name | VU#568073 | First vendor Publication | 2008-02-28 |
Vendor | VU-CERT | Last vendor Modification | 2008-03-04 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#568073Canon digital multifunction copiers FTP bounce vulnerabilityOverviewSome models of Canon digital multifunction copiers are vulnerable to the FTP bounce attack.I. DescriptionFrom the Problems With The FTP PORT Commanddocument:The FTP Bounce Attack Some Canon digital multifunction printers contain an FTP server that is vulnerable to the FTP bounce attack. II. ImpactA remote, unauthenticated attacker may be able to conduct port scans or send arbitrary (TCP) traffic to other hosts.III. SolutionWe are currently unaware of a practical solution to this problem.
References
Thanks to Canon for information that was used in this report. Canon credits Nate Johnson and the Indiana University for reporting this vulnerability. This document was written by Ryan Giobbi.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/568073 |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43118 | Canon Multiple Printers PORT Command FTP Proxy Bounce |