Windows Internet Key Exchange (IKE) Protocol Extensions Vulnerability
(CVE-2022-34721, CVE-2022-34722)
(CVE-2022-34721, CVE-2022-34722)
Canon Medical Systems Security Advisory
Overview:
It was announced that there is security vulnerability that affects Windows Internet Key Exchange (IKE) Protocol Extensions. An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation.
REF: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34721
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34722
Vulnerability Overview:
An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. Only systems with the IKE and AuthIP IPsec Keying Modules running are vulnerable to this attack.
Possible Affected Canon Medical Systems Products:
Canon Medical Systems Corporation is aware of the remote code execution vulnerability in Windows Internet Key Exchange module, identified as CVE-2022-34721 and CVE-2022-34722. Since these vulnerability uses the encrypted communication, it is assumed that there is unlikely to affect to our products. And we have not confirmed that these vulnerabilities have been exploited in our products at this time.
Canon Medical Systems Corporation is currently investigating whether there is any impact. This security advisory will be updated as the investigation continues.
Resolution:
None
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems global webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
