Canon PIXMA MX722 Information Disclosure

medium Nessus Network Monitor Plugin ID 8179
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

A networked Canon PIXMA printer was detected with insecure settings.

Description

The Canon PIXMA is prone to information disclosure due to its unencrypted traffic when responding to a request from a web client. Furthermore, no authentication was detected to process this request (i.e., the admin password was not set). Any unauthenticated user on the same network would be able to sniff the network settings, including the wifi password if used.

Solution

The vendor has not issued any updates, but this vulnerability may be somewhat mitigated by setting the admin password on the Canon printer device.

See Also

http://packetstormsecurity.com/files/125930/Canon-PIXMA-MX722-Printer-Wireless-Password-Disclosure.html

http://www.usa.canon.com/cusa/support/consumer/printers_multifunction/pixma_mx_series/pixma_mx722

Plugin Details

Severity: Medium

ID: 8179

Family: IoT

Published: 3/31/2014

Updated: 3/6/2019

Dependencies: 1442

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:X/RL:U/RC:X

Vulnerability Information

Vulnerability Publication Date: 3/28/2014

Reference Information

BID: 66527