ZeroLogon Vulnerability (CVE-2020-1472)
Canon Medical Systems Security Advisory
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
REF: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
Overview:
Note: This Vulnerability is currently awaiting updated analysis and represents our best knowledge as of the most recent revision. As a result, the content is subject to change as further analysis is performed and the results are updated.
Canon Medical Systems Corporation continues to investigate the applicability of this vulnerability to Medical Imaging Devices manufactured by Canon Medical Systems Corporation.
REFERENCE:
MITRE CVE-2020-1472
This vulnerability is only applicable to Microsoft Windows Server systems that are configured as domain controller. Canon Medical Systems Corporation does not manufacture any imaging products operating on Windows Server configured as domain controller.
Possible Affected Canon Medical Systems Products:
Affected Canon Medical Systems Products
・ None
Canon Medical Products under investigation
・ None
Resolution:
・ None
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems Asia webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
