fkie_nvd - fkie_cve-2024-27974

fkie_cve-2024-27974

Vulnerability from fkie_nvd

Published

2024-03-18 08:15

Modified

2024-11-21 09:05

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Summary

Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].

References

	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN34328023/
	vultures@jpcert.or.jp	https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html
	af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN34328023/
	af854a3a-2127-422b-91ae-364da2661108	https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator\u0027s ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Cross-Site Request Forgery en impresoras FUJIFILM que implementan CentreWare Internet Services o Internet Services permite que un atacante remoto no autenticado altere la informaci\u00f3n del usuario. En el caso de que el usuario sea administrador, se podr\u00e1n alterar configuraciones como ID de administrador, contrase\u00f1a, etc. En cuanto a los detalles de los nombres de los productos, n\u00fameros de modelo y versiones afectados, consulte la informaci\u00f3n proporcionada por el proveedor que figura en [Referencias]."
    }
  ],
  "id": "CVE-2024-27974",
  "lastModified": "2024-11-21T09:05:32.470",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-18T08:15:06.287",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jvn.jp/en/jp/JVN34328023/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jvn.jp/en/jp/JVN34328023/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2024-27974 (GCVE-0-2024-27974)

Vulnerability from cvelistv5

Published

2024-03-18 07:59

Modified

2024-10-31 17:23

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

Cross-site request forgery (CSRF)

Summary

References

URL

Tags

	https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html
	https://jvn.jp/en/jp/JVN34328023/

Impacted products

Vendor

Product

Version

FUJIFILM Business Inovation Corp.

DocuPrint P450 d

Version: all versions

FUJIFILM Business Inovation Corp.	DocuPrint P450 JM	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint P450 ps	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint P455 d	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint M455 df	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint C2255	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint C2450	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint C2450 II	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint C3200A	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint C3350	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint C3360	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint C3450 d	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint C3450 d II	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint 4050	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint 4060	Version: all versions
FUJIFILM Business Inovation Corp.	DocuPrint 5060	Version: all versions
FUJIFILM Business Inovation Corp.	DocuCentre-IV C2260	Version: all versions
FUJIFILM Business Inovation Corp.	DocuCentre-IV C2270	Version: all versions
FUJIFILM Business Inovation Corp.	DocuCentre-IV C3370	Version: all versions
FUJIFILM Business Inovation Corp.	DocuCentre-IV C4470	Version: all versions
FUJIFILM Business Inovation Corp.	DocuCentre-IV C5570	Version: all versions
FUJIFILM Business Inovation Corp.	ApeosPort-IV C2270	Version: all versions
FUJIFILM Business Inovation Corp.	ApeosPort-IV C3370	Version: all versions
FUJIFILM Business Inovation Corp.	ApeosPort-IV C4470	Version: all versions
FUJIFILM Business Inovation Corp.	ApeosPort-IV C5570	Version: all versions
FUJIFILM Business Inovation Corp.	ApeosPort-IV C2270 R	Version: all versions
FUJIFILM Business Inovation Corp.	ApeosPort-IV C3370 R	Version: all versions
FUJIFILM Business Inovation Corp.	ApeosPort-IV C4470 R	Version: all versions
FUJIFILM Business Inovation Corp.	ApeosPort-IV C5570 R	Version: all versions
FUJIFILM Business Inovation Corp.	ApeosWide 6050/3030	Version: all versions
FUJIFILM Business Inovation Corp.	DocuWide 6057/3037	Version: all versions
FUJIFILM Business Inovation Corp.	DocuWide 6055	Version: all versions
FUJIFILM Business Inovation Corp.	DocuWide 3035	Version: all versions
FUJIFILM Business Inovation Corp.	DocuWide C842	Version: all versions
FUJIFILM Business Inovation Corp.	DocuWide 2055	Version: all versions
FUJIFILM Business Inovation Corp.	DocuWide 9098α	Version: all versions
FUJIFILM Business Inovation Corp.	DocuWide 9095α	Version: all versions

Show details on NVD website