Vulnerability affecting FTP Print
Some Canon imageRUNNER, Color imageRUNNER, imagePRESS, and LaserShot devices* contain a vulnerability known as "FTP bounce" when configured for network printing. Engines using imagePASS, imagePRESS Servers, or ColorPASS devices for printing are NOT affected by this vulnerability.
In its simplest terms, this vulnerability is based on the potential misuse of the PORT command of FTP (File Transfer Protocol) in conjunction with the FTP print function.
FTP print is a print method that uses FTP commands. It is not used for printing from the printer driver. The FTP protocol defines the PORT command, which can be used to establish connections to remote machines other than the FTP client. While this functionality complies with the FTP RFC (Request for Comments, the naming convention used in internet-related standards and specifications), it exposes a potential vulnerability known as "FTP bounce", in which a malicious user may, if the FTP print setting is on, be able to use the FTP server to open connections which appear to originate from the server.
In certain devices, a malicious user may exploit this vulnerability to create a connection between the FTP server and other systems on an arbitrary port. An attacker may be able to scan networks that they would not otherwise have access to. An attacker may also be able to conceal the true origin of a port scanning attempt. However, information in the network host cannot be obtained via the affected machines, and information in the affected machines cannot be obtained or sent either.
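For detection, the PORT misuse described above shows up in FTP control-channel traffic as a PORT argument that does not point back at the client. The following is an added example, not Canon's code: it assumes a simplified log of `client_ip COMMAND args` lines, uses constructed sample data, and the function names are hypothetical.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    try:
        nums = [int(p) for p in arg.split(",")]
    except ValueError:
        raise ValueError("malformed PORT argument: %r" % arg)
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError("malformed PORT argument: %r" % arg)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_port_command(client_ip, arg):
    """Return the reasons (if any) a PORT command looks like a bounce attempt."""
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return [str(exc)]
    reasons = []
    if ip != ipaddress.IPv4Address(client_ip):
        reasons.append("data address %s differs from control peer %s" % (ip, client_ip))
    if port < 1024:
        reasons.append("data port %d is in the well-known range" % port)
    return reasons

def audit(log_lines):
    """Scan the assumed log format; return (line_no, client, arg, reasons) tuples."""
    findings = []
    for no, line in enumerate(log_lines, 1):
        fields = line.split(None, 2)
        if len(fields) == 3 and fields[1].upper() == "PORT":
            reasons = check_port_command(fields[0], fields[2])
            if reasons:
                findings.append((no, fields[0], fields[2], reasons))
    return findings

# Constructed sample log using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    "192.0.2.10 USER print",
    "192.0.2.10 PORT 192,0,2,10,195,80",   # client's own address, port 50000
    "192.0.2.44 PORT 198,51,100,7,0,22",   # third-party address, port 22
    "192.0.2.44 PORT 192,0,2,44,0,80",     # own address, well-known port
    "192.0.2.44 PORT 192,0,2,300,1,1",     # field out of range
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The same two conditions (data address equal to the control-connection peer, data port outside the well-known range) are what an FTP server can enforce before opening a data connection.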
To help prevent misuse from occurring, please implement one of the following countermeasures from the device User Interface:
If you do not require FTP print, please turn off the FTP print setting. The steps are: 1) Navigate to Additional Functions, then choose System Settings, Network Settings, TCP/IP Settings, FTP print. 2) Set FTP print to OFF.
If you require FTP print, please set a username and password. The steps are: 1) Navigate to Additional Functions, then choose System Settings, Network Settings, TCP/IP Settings, FTP print. 2) Set "username" and "password" for the FTP print functionality.
* Applicable models:
- iR C2620/ C2620N/ C3220N
- iR C6800/ C5800/ C5800N
- iR C3170/ C3170i/ C2570/ C2570i
- iR C3180i
- iR C5870i/ C6870i
- iR C5185/ C5185i/ C5180/ C5180i/ C4580/ C4580i
- iR C2880/ C2880i/ C3380/ C3380i
- iR 2270/ 2870/ 3570/ 4570
- iR 2230/ 3530
- iR 6570/ 5570
- iR 3025/ 3030/ 3035/ 3045
- iR 5055/ 5065/ 5075
- iR 9070/ 105+
- iR 7095/ 7105
- imagePRESS C1
- imagePRESS C7000VP
- LaserShot LBP5960
- LaserShot LBP5360
- LaserShot LBP3360
- LaserShot LBP3460