Thank you for using Canon products.
Canon has confirmed a potential vulnerability (CVE-2022-26320) in the RSA key generation process of the cryptographic library used in Canon’s Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers (affected products are listed below).
The risk is that, because the RSA key pair is generated incorrectly, a third party could exploit the private key corresponding to the RSA public key. If an RSA key pair generated by the cryptographic library with this vulnerability is used for TLS or IPSec, a third party could use the RSA public key to guess the private key and possibly decipher captured communications.
As of the date of this Service Notice Update, Canon has not received any reports that this vulnerability has impacted any Canon products. However, we recommend updating the firmware for the products listed below to the latest version available.
If the RSA key pair was created by the cryptographic library with this vulnerability, additional steps should be taken after you have upgraded the product’s firmware to the latest version. Depending on the product model, please refer to the steps listed below to check the key and to take any additional corrective measures. In addition, we do not recommend connecting Canon products directly to the Internet. When using Canon products, we recommend using a firewall, a wired environment, or, when using a Wi-Fi router, a securely protected private network environment. We also recommend setting a private IP address.
Canon Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers that require firmware updating and possible additional corrective action:
imageRUNNER ADVANCE/imagePRESS Lite:
For more information, please review the following link “Securing products when connecting to a network” which can be accessed at: https://www.cla.canon.com/en_US/app/pdf/message-to-our-customers/Connecting-To-Network-Securely.pdf
Links to Instructions for addressing the replacement of affected RSA Keys:
If Canon determines that additional products may be subject to this potential vulnerability, we will inform you on this page.
* Regarding the availability of the firmware upgrades for Canon Enterprise/Small Office Multifunction Printers, please contact your Authorized Servicer in charge of servicing your Canon equipment.
Should you have any questions about this announcement, please contact the Authorized Service Facility in your area or the Call Center within your region.