Go to the homepage of Canon UK

Browse your favourite Canon products & find out more about our office solutions

See our exciting range of products for professional & home users

Find out how Canon can help you find the perfect solution for your business

For all the information on the Canon organisation

Contact details for Canon's global operations

All the technical & other help you need to get the best from your Canon products

Quickly find the information you are looking for

Locate your nearest supplier for Canon products & solutions

News

About Canon

Advertising & Sponsorship

Home > About Us > News > Solutions Business News

Web Advisory: Digital multifunction printer vulnerability

This web advisory concerns specific Canon digital multifunction printers and a potential vulnerability through their FTP servers. By taking the correct action outlined, customers can be assured that the potential vulnerability described will be avoided. Canon’s commitment to customer satisfaction is always paramount and we apologise for any inconvenience resulting from this issue.

The vulnerability in question is known as "FTP bounce." In its simplest terms, this vulnerability is based on the potential misuse of the PORT command in the FTP protocol. For certain devices, a malicious user could potentially exploit this vulnerability to create a connection between the FTP server and other systems on another port. Through this, such a user may be able to scan networks that they would not otherwise have access to and be able to conceal the true origin of an attempt to do this. It should be noted that despite this, information in the network host cannot be obtained or sent via affected machines.

If you have any of the following products, please see steps below to clear this vulnerability.

Product Names:

o iR C2620/C2620N/C3220/C3220N
o iR 6800C/6800CN/5800C/5800CN
o iR 3170C/3170Ci/2570C/2570Ci
o iR 3180C, iR3180Ci
o iR C5870/C5870i/C6870/C6870i
o iR C5880/C5880i/C6880/C6880i
o iR C5185i/CLC5151/C4580i/CLC4040/C4080i
o iR C2880/C2880i/C3380/C3380i
o iR C2380i
o iR 2270/2870/3570/4570
o iR 2230/3530
o iR 6570/5570
o iR 3025/3025N/3035/3035N/3045/3045N
o iR 5055/5055N/5065/5065N/5075/5075N
o iR 8070/9070/105+/85+
o iR 7086/7095/7105/7095P
o imagePRESS C1
o LBP5960
o i-SENSYS LBP5360
o i-SENSYS LBP3360
o i-SENSYS LBP3460

Steps to take to clear vulnerability

The following steps should guide you to change your own device settings, however please contact your local service and support company if you require further help.
o For customers who do not use FTP print (*1)

1. On User Interface of Canon digital multifunction copiers, navigate Additional Functions -> System Settings -> Network Settings -> TCP/IP Settings -> FTP print.
2. Set the FTP print to OFF.

o For customers who do use FTP print (*1)

1. On User Interface of Canon digital multifunction copiers, navigate Additional Functions -> System Settings -> Network Settings -> TCP/IP Settings -> FTP print.
2. Set "user name" and "password" for the FTP print.

*1: FTP print is a print method using FTP command. This command is not used for printing from the printer driver.

Notes
Canon Inc. would like to thank Nate Johnson and the Indiana University for finding and reporting this vulnerability to Canon U.S.A., Inc.

Can't find what you are looking for? Why not visit our News Archive to search our news database for a specific item.


News
What's New
Corporate Press Releases
Consumer Press Releases
Solutions Business News
News Archive
PR Contacts

BOOKMARK WITH :

RSS Feeds

Delicious

Digg

Stumbleupon

Facebook