ID

VAR-201509-0494


CVE

CVE-2015-5631


TITLE

Canon PIXMA MG7500 Printer Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-06019 // CNNVD: CNNVD-201509-143

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. PIXMA MG7500 Series provided by Canon Inc. contains a cross-site request forgery vulnerability. TOMITA Ryo of Fukuoka Junior High School attached to the Fukuoka University of Education (FUE) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. If a user views a malicious page while logged into the Remote UI, unintended operations may be performed. The Canon PIXMA MG7500 is an inkjet MFP from Canon. The Remote UI is one of the remote user interfaces. An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected device. This may aid in other attacks.

Trust: 2.52

sources: NVD: CVE-2015-5631 // JVNDB: JVNDB-2015-000129 // CNVD: CNVD-2015-06019 // BID: 76711 // VULHUB: VHN-83592

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-06019

AFFECTED PRODUCTS

vendor: canon, model: pixma mg7500 series inkjet printer, scope: eq, version: -

Trust: 1.6

vendor: canon, model: pixma mg7500 series, scope: eq, version: inkjet printer

Trust: 0.8

vendor: canon, model: pixma mg7500 printers, scope: -, version: -

Trust: 0.6

vendor: canon, model: inkjet printer pixma mg7500 series, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2015-06019 // BID: 76711 // JVNDB: JVNDB-2015-000129 // CNNVD: CNNVD-201509-143 // NVD: CVE-2015-5631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5631
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2015-000129
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-06019
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201509-143
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83592
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5631
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2015-000129
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2015-06019
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-83592
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-06019 // VULHUB: VHN-83592 // JVNDB: JVNDB-2015-000129 // CNNVD: CNNVD-201509-143 // NVD: CVE-2015-5631

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-83592 // JVNDB: JVNDB-2015-000129 // NVD: CVE-2015-5631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-143

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201509-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-000129

PATCH

title: Useful Tips for Reducing the Risk of Unauthorized Access for Inkjet Printer (PIXMA series)/Business Inkjet Printer (MAXIFY series)
url: http://www.canon.com/support/pdf/inkjet-printer.pdf

Trust: 0.8

title: Canon PIXMA MG7500 Printer Cross-Site Request Forgery Vulnerability Patch
url: https://www.cnvd.org.cn/patchInfo/show/63986

Trust: 0.6

sources: CNVD: CNVD-2015-06019 // JVNDB: JVNDB-2015-000129

EXTERNAL IDS

db: NVD, id: CVE-2015-5631

Trust: 3.4

db: JVN, id: JVN07427376

Trust: 3.4

db: JVNDB, id: JVNDB-2015-000129

Trust: 3.1

db: CNNVD, id: CNNVD-201509-143

Trust: 0.7

db: CNVD, id: CNVD-2015-06019

Trust: 0.6

db: BID, id: 76711

Trust: 0.4

db: VULHUB, id: VHN-83592

Trust: 0.1

sources: CNVD: CNVD-2015-06019 // VULHUB: VHN-83592 // BID: 76711 // JVNDB: JVNDB-2015-000129 // CNNVD: CNNVD-201509-143 // NVD: CVE-2015-5631

REFERENCES

url: http://jvn.jp/en/jp/jvn07427376/index.html

Trust: 3.1

url: http://www.canon.com/support/pdf/inkjet-printer.pdf

Trust: 1.7

url: http://jvndb.jvn.jp/jvndb/jvndb-2015-000129

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5631

Trust: 0.8

url: https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5631

Trust: 0.8

url: http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000129.html

Trust: 0.6

url: http://www.canon.com/

Trust: 0.3

url: http://jvn.jp/en/jp/jvn07427376/index.html jvn#07427376

Trust: 0.3

sources: CNVD: CNVD-2015-06019 // VULHUB: VHN-83592 // BID: 76711 // JVNDB: JVNDB-2015-000129 // CNNVD: CNNVD-201509-143 // NVD: CVE-2015-5631

CREDITS

TOMITA Ryo

Trust: 0.3

sources: BID: 76711

SOURCES

db: CNVD, id: CNVD-2015-06019
db: VULHUB, id: VHN-83592
db: BID, id: 76711
db: JVNDB, id: JVNDB-2015-000129
db: CNNVD, id: CNNVD-201509-143
db: NVD, id: CVE-2015-5631

LAST UPDATE DATE

2025-04-13T23:29:32.063000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-06019, date: 2015-09-16T00:00:00
db: VULHUB, id: VHN-83592, date: 2015-09-14T00:00:00
db: BID, id: 76711, date: 2015-09-11T00:00:00
db: JVNDB, id: JVNDB-2015-000129, date: 2015-09-15T00:00:00
db: CNNVD, id: CNNVD-201509-143, date: 2015-09-14T00:00:00
db: NVD, id: CVE-2015-5631, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-06019, date: 2015-09-16T00:00:00
db: VULHUB, id: VHN-83592, date: 2015-09-11T00:00:00
db: BID, id: 76711, date: 2015-09-11T00:00:00
db: JVNDB, id: JVNDB-2015-000129, date: 2015-09-11T00:00:00
db: CNNVD, id: CNNVD-201509-143, date: 2015-09-14T00:00:00
db: NVD, id: CVE-2015-5631, date: 2015-09-11T16:59:04.907