Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 5/28/2016 3:58:51 PM

CVE Publication rate: 20.23

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 12.5
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber Awareness System

Vulnerability Summary for CVE-2008-0303

Original release date: 02/28/2008
Last revised: 03/13/2009
Source: US-CERT/NIST

Overview

The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 6.4 MEDIUM
Impact Subscore: 4.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID
Name: 28042
External Source: SECTRACK
Name: 1019528
External Source: CONFIRM
Name: http://www.usa.canon.com/html/security/pdf/CVA-001.pdf
US-CERT Vulnerability Note: CERT-VN
Name: VU#568073
External Source: JVNDB
Name: JVNDB-2008-000013
External Source: JVN
Name: JVN#10056705
External Source: MISC
Name: http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack

Vulnerable software and versions

+ Configuration 1
+ OR
cpe:/a:canon:i-sensys:lbp3360
cpe:/a:canon:i-sensys:lbp3460
cpe:/a:canon:i-sensys:lbp5360
cpe:/a:canon:imagepress:c1
cpe:/a:canon:imagerunner:105plus
cpe:/a:canon:imagerunner:2230
cpe:/a:canon:imagerunner:2270
cpe:/a:canon:imagerunner:2570c
cpe:/a:canon:imagerunner:2570ci
cpe:/a:canon:imagerunner:2870
cpe:/a:canon:imagerunner:3025
cpe:/a:canon:imagerunner:3025n
cpe:/a:canon:imagerunner:3035
cpe:/a:canon:imagerunner:3035n
cpe:/a:canon:imagerunner:3045
cpe:/a:canon:imagerunner:3045n
cpe:/a:canon:imagerunner:3170c
cpe:/a:canon:imagerunner:3170ci
cpe:/a:canon:imagerunner:3180c
cpe:/a:canon:imagerunner:3180ci
cpe:/a:canon:imagerunner:3530
cpe:/a:canon:imagerunner:3570
cpe:/a:canon:imagerunner:4570
cpe:/a:canon:imagerunner:5055
cpe:/a:canon:imagerunner:5055n
cpe:/a:canon:imagerunner:5065
cpe:/a:canon:imagerunner:5065n
cpe:/a:canon:imagerunner:5075
cpe:/a:canon:imagerunner:5075n
cpe:/a:canon:imagerunner:5570
cpe:/a:canon:imagerunner:5800c
cpe:/a:canon:imagerunner:5800cn
cpe:/a:canon:imagerunner:6570
cpe:/a:canon:imagerunner:6800c
cpe:/a:canon:imagerunner:6800cn
cpe:/a:canon:imagerunner:7086
cpe:/a:canon:imagerunner:7095
cpe:/a:canon:imagerunner:7095p
cpe:/a:canon:imagerunner:7105
cpe:/a:canon:imagerunner:8070
cpe:/a:canon:imagerunner:85plus
cpe:/a:canon:imagerunner:c2380i
cpe:/a:canon:imagerunner:c2620
cpe:/a:canon:imagerunner:c2620n
cpe:/a:canon:imagerunner:c2880
cpe:/a:canon:imagerunner:c2880i
cpe:/a:canon:imagerunner:c3220n
cpe:/a:canon:imagerunner:c3380
cpe:/a:canon:imagerunner:c3380i
cpe:/a:canon:imagerunner:c4080i
cpe:/a:canon:imagerunner:c4580i
cpe:/a:canon:imagerunner:c5185i
cpe:/a:canon:imagerunner:c5870
cpe:/a:canon:imagerunner:c5870i
cpe:/a:canon:imagerunner:c5880
cpe:/a:canon:imagerunner:c5880i
cpe:/a:canon:imagerunner:c6870i
cpe:/a:canon:imagerunner:c6880
cpe:/a:canon:imagerunner:c6880i
cpe:/a:canon:imagerunner:clc4040
cpe:/a:canon:imagerunner:clc5151
cpe:/a:canon:imagerunner_2620
cpe:/a:canon:imagerunner_5000i
cpe:/a:canon:imagerunner_5020
cpe:/a:canon:imagerunner_6870
cpe:/a:canon:imagerunner_8500
cpe:/a:canon:imagerunner_9070
cpe:/a:canon:imagerunner_c3200
cpe:/a:canon:imagerunner_c3220
cpe:/a:canon:imagerunner_c6800

* Denotes Vulnerable Software
Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)