Sign-up

ID

VAR-202112-0112


CVE

CVE-2021-43471


TITLE

Canon LBP223  Weak password requirement vulnerability in printers

Trust: 0.8

sources: JVNDB: JVNDB-2021-015843

DESCRIPTION

In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. Canon LBP223 A weak password requirement vulnerability exists in the printer.Service operation interruption (DoS) It may be in a state. Canon LBP223 is a printer of Canon (Canon) in Japan

Trust: 2.25

sources: NVD: CVE-2021-43471 // JVNDB: JVNDB-2021-015843 // CNVD: CNVD-2021-103085 // VULMON: CVE-2021-43471

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-103085

AFFECTED PRODUCTS

vendor:canonmodel:lbp223dwscope:eqversion: -

Trust: 1.0

vendor:キヤノンmodel:lbp223dwscope:eqversion: -

Trust: 0.8

vendor:キヤノンmodel:lbp223dwscope:eqversion:lbp223dw firmware

Trust: 0.8

vendor:キヤノンmodel:lbp223dwscope: - version: -

Trust: 0.8

vendor:canonmodel:lbp223scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-103085 // JVNDB: JVNDB-2021-015843 // NVD: CVE-2021-43471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43471
value: HIGH

Trust: 1.0

NVD: CVE-2021-43471
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-103085
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-351
value: HIGH

Trust: 0.6

VULMON: CVE-2021-43471
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-43471
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-103085
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-43471
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-43471
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-103085 // VULMON: CVE-2021-43471 // JVNDB: JVNDB-2021-015843 // CNNVD: CNNVD-202112-351 // NVD: CVE-2021-43471

PROBLEMTYPE DATA

problemtype:CWE-521

Trust: 1.0

problemtype:Weak password request (CWE-521) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-015843 // NVD: CVE-2021-43471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-351

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-351

PATCH

title:top pageurl:https://canon.jp/

Trust: 0.8

title:CVE-2021-43471url:https://github.com/cxaqhq/CVE-2021-43471

Trust: 0.1

title: - url:https://github.com/cxaqhq/cxaqhq

Trust: 0.1

sources: VULMON: CVE-2021-43471 // JVNDB: JVNDB-2021-015843

EXTERNAL IDS

db:NVDid:CVE-2021-43471

Trust: 3.9

db:JVNDBid:JVNDB-2021-015843

Trust: 0.8

db:CNVDid:CNVD-2021-103085

Trust: 0.6

db:CNNVDid:CNNVD-202112-351

Trust: 0.6

db:VULMONid:CVE-2021-43471

Trust: 0.1

sources: CNVD: CNVD-2021-103085 // VULMON: CVE-2021-43471 // JVNDB: JVNDB-2021-015843 // CNNVD: CNNVD-202112-351 // NVD: CVE-2021-43471

REFERENCES

url:https://github.com/cxaqhq/cve-1

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-43471

Trust: 1.4

url:https://github.com/cxaqhq/cve-2021-43471

Trust: 0.9

url:https://cwe.mitre.org/data/definitions/521.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-103085 // VULMON: CVE-2021-43471 // JVNDB: JVNDB-2021-015843 // CNNVD: CNNVD-202112-351 // NVD: CVE-2021-43471

SOURCES

db:CNVDid:CNVD-2021-103085
db:VULMONid:CVE-2021-43471
db:JVNDBid:JVNDB-2021-015843
db:CNNVDid:CNNVD-202112-351
db:NVDid:CVE-2021-43471

LAST UPDATE DATE

2024-11-23T22:54:45.568000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-103085date:2021-12-29T00:00:00
db:VULMONid:CVE-2021-43471date:2021-12-07T00:00:00
db:JVNDBid:JVNDB-2021-015843date:2022-11-30T09:12:00
db:CNNVDid:CNNVD-202112-351date:2021-12-08T00:00:00
db:NVDid:CVE-2021-43471date:2024-11-21T06:29:17.400

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-103085date:2021-12-29T00:00:00
db:VULMONid:CVE-2021-43471date:2021-12-06T00:00:00
db:JVNDBid:JVNDB-2021-015843date:2022-11-30T00:00:00
db:CNNVDid:CNNVD-202112-351date:2021-12-06T00:00:00
db:NVDid:CVE-2021-43471date:2021-12-06T13:15:07.410