Details of VAR-202201-1352

ID

VAR-202201-1352

CVE

CVE-2021-20877

TITLE

Canon Multiple product cross-site scripting vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-202201-1697

DESCRIPTION

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.

Trust: 1.0

sources: NVD: CVE-2021-20877

AFFECTED PRODUCTS

vendor:	canon	model:	mf4880dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf217w	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf113w	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf247dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	lbp151dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf232w	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf224dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	2206if	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	lbp162	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf237w	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf4780w	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf229dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf242dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf262dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	lbp162dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf244dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf269dw vp	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf245dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf4890dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf222dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf265dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf267dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf227dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf212w	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf269dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	2204n	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf4570dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf264dw	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	lbp113w	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf4570dn	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf4770n	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	lbp162l	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	2204f	scope:	eq	version:	-	Trust: 1.0
vendor:	canon	model:	mf249dw	scope:	eq	version:	-	Trust: 1.0

sources: NVD: CVE-2021-20877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20877
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202201-1697
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-20877
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

nvd@nist.gov:	CVE-2021-20877
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202201-1697 // NVD: CVE-2021-20877

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.0

sources: NVD: CVE-2021-20877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-1697

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202201-1697

PATCH

title:

Canon Repair measures for cross-site scripting vulnerabilities in multiple products

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182337

Trust: 0.6

sources: CNNVD: CNNVD-202201-1697

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20877	Trust: 1.6
db:	JVN	id:	JVN64806328	Trust: 1.6
db:	CS-HELP	id:	SB2022011917	Trust: 0.6
db:	JVNDB	id:	JVNDB-2022-000001	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-1697	Trust: 0.6

sources: CNNVD: CNNVD-202201-1697 // NVD: CVE-2021-20877

REFERENCES

url:	https://cweb.canon.jp/e-support/info/211221xss.html	Trust: 1.6
url:	https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/service-notice-canon-laser-printer-and-small-office-multifunctional-printer-related-to-cross-site-scripting	Trust: 1.6
url:	https://jvn.jp/en/jp/jvn64806328/index.html	Trust: 1.6
url:	https://jvn.jp/jp/jvn64806328/index.html	Trust: 1.6
url:	https://www.canon-europe.com/support/product-security-latest-news/	Trust: 1.6
url:	https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-000001.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011917	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20877	Trust: 0.6

sources: CNNVD: CNNVD-202201-1697 // NVD: CVE-2021-20877

SOURCES

db:	CNNVD	id:	CNNVD-202201-1697
db:	NVD	id:	CVE-2021-20877

LAST UPDATE DATE

2024-08-14T13:53:40.760000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202201-1697	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-20877	date:	2022-02-14T21:07:30.460

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202201-1697	date:	2022-01-19T00:00:00
db:	NVD	id:	CVE-2021-20877	date:	2022-02-08T11:15:07.663