A vulnerability had been confirmed in the RSA key generating process in the Cryptographic library mounted on Canon’s Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers (Affected products are listed below).
The risk of this vulnerability is the possibility of private key for RSA public key being estimated by someone, due to incorrect generation process of RSA key pair. If RSA key pair is used for TLS or IPSec, which is generated by a Cryptographic library with this vulnerability, this RSA public key could be taken by a third party or even be falsified.
We have not received any damage reported regarding this vulnerability so far, however, users can rest assured if firmware on the affected products are updated to the latest version thus we ask for your assistance.
In case the RSA key pair had been created by the questioned Cryptographic library with this vulnerability, additional steps after firmware version upgrade will be required. Depending on the affected models at your hand, refer to Steps to check the key and measure to be taken described below to take a correct action. In addition, do not connect the products to the web directly, but use fire wall, wire connected environment or securely protected private network environment if using Wi-Fi router. Set private IP address as well.
For details, please refer to the following link “Regarding security for products connected to a network”.
“Regarding security for products connected to a network”
Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers, which require the measure.
iR-ADV 4551Ⅲ/4545 Ⅲ/4535 Ⅲ/4525 Ⅲ
IR 1643 IF II
As soon as we confirm the vulnerability of other products, we will inform you immediately on this page.
As for the firmware upgrade of Enterprise/Small Office Multifunction Printers, please inquire persons in charge with your service.
Link: Download firmware for Small Office Multifunction Printers here
Link: Download firmware for Laser Printers here
Link: Download firmware for Inkjet Printers here
Link: Steps to check and take a measure for Enterprise Multifunction Printers key here
Link: Steps to check and take a measure for Small Office Multifunction Printers key here
Link: Steps to check and take a measure for Laser Printers key here
Link: Steps to check and take a measure for Inkjet Printers key here