Canon ImageRUNNER Printer Email Arbitrary Content Printing / DoS

Medium Nessus Network Monitor Plugin ID 2319

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host seems to be a Canon ImageRUNNER printer, running an SMTP service. It is possible to send an email to the remote service and it will print its content. An attacker may use this flaw to send an endless stream of emails to the remote device and cause a denial of service by using all the paper in printer.

Solution

Disable the email printing service using the web interface.

See Also

http://archives.neohapsis.com/archives/bugtraq/2004-09/0307.html

Plugin Details

Severity: Medium

ID: 2319

Family: IoT

Published: 2004/09/24

Updated: 2019/03/06

Dependencies: 2004, 2005

Nessus ID: 14819

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSS v3.0

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:canon:imagerunner

Reference Information

CVE: CVE-2004-2166

BID: 11247