Action not permitted
Modal body text goes here.
jvndb-2024-003253
Vulnerability from jvndb
Published
2024-06-03 14:36
Modified
2024-06-03 14:36
Severity ?
Summary
Multiple vulnerabilities in Sharp and Toshiba Tec MFPs
Details
Sharp and Toshiba Tec MFPs (multifunction printers) contain multiple vulnerabilities listed below.
* Stack-based Buffer Overflow (CWE-121) - CVE-2024-28038
* Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28955
* Cleartext Storage of Sensitive Information (CWE-312) - CVE-2024-29146
* Plaintext Storage of a Password (CWE-256) - CVE-2024-29978
* Storing Passwords in a Recoverable Format (CWE-257) - CVE-2024-32151
* Path Traversal (CWE-22) - CVE-2024-33605
* Improper Access Control (CWE-284) - CVE-2024-33610, CVE-2024-33616
* Access to Critical Private Variable via Public Method (CWE-767) - CVE-2024-34162
* Use of Hard-coded Credentials (CWE-798) - CVE-2024-35244, CVE-2024-36248
* Cross-site Scripting (CWE-79) - CVE-2024-36249
* Out-of-bounds Read (CWE-125) - CVE-2024-36251, CVE-2024-36254
As for the vulnerabilities listed below, Pierre Barre reported them to JPCERT/CC, and JPCERT/CC coordinated with Sharp Corporation.
CVE-2024-28038, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33616, CVE-2024-34162, CVE-2024-35244, CVE-2024-36248, CVE-2024-36251, CVE-2024-36254
As for the vulnerabilities listed below, Sharp Corporation received reports and coordinated with the reporters directly, and after the coordination was completed, Sharp reported them to JPCERT/CC to notify the users of the solutions through JVN.
CVE-2024-33610, CVE-2024-36249, CVE-2024-36251, CVE-2024-36254
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003253.html", "dc:date": "2024-06-03T14:36+09:00", "dcterms:issued": "2024-06-03T14:36+09:00", "dcterms:modified": "2024-06-03T14:36+09:00", "description": "Sharp and Toshiba Tec MFPs (multifunction printers) contain multiple vulnerabilities listed below.\r\n\r\n * Stack-based Buffer Overflow (CWE-121) - CVE-2024-28038\r\n * Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28955\r\n * Cleartext Storage of Sensitive Information (CWE-312) - CVE-2024-29146\r\n * Plaintext Storage of a Password (CWE-256) - CVE-2024-29978\r\n * Storing Passwords in a Recoverable Format (CWE-257) - CVE-2024-32151\r\n * Path Traversal (CWE-22) - CVE-2024-33605\r\n * Improper Access Control (CWE-284) - CVE-2024-33610, CVE-2024-33616\r\n * Access to Critical Private Variable via Public Method (CWE-767) - CVE-2024-34162\r\n * Use of Hard-coded Credentials (CWE-798) - CVE-2024-35244, CVE-2024-36248\r\n * Cross-site Scripting (CWE-79) - CVE-2024-36249\r\n * Out-of-bounds Read (CWE-125) - CVE-2024-36251, CVE-2024-36254\r\n\r\nAs for the vulnerabilities listed below, Pierre Barre reported them to JPCERT/CC, and JPCERT/CC coordinated with Sharp Corporation.\r\nCVE-2024-28038, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33616, CVE-2024-34162, CVE-2024-35244, CVE-2024-36248, CVE-2024-36251, CVE-2024-36254\r\n\r\nAs for the vulnerabilities listed below, Sharp Corporation received reports and coordinated with the reporters directly, and after the coordination was completed, Sharp reported them to JPCERT/CC to notify the users of the solutions through JVN.\r\nCVE-2024-33610, CVE-2024-36249, CVE-2024-36251, CVE-2024-36254", "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003253.html", "sec:cpe": [ { "#text": "cpe:/a:sharp:multiple_product", "@product": "(Multiple Products)", "@vendor": "Sharp Corporation", "@version": "2.2" }, { "#text": "cpe:/a:toshibatec:multiple_product", "@product": "(Multiple Products)", "@vendor": "TOSHIBA TEC", "@version": "2.2" } ], "sec:cvss": { "@score": "9.1", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "@version": "3.0" }, "sec:identifier": "JVNDB-2024-003253", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU93051062/index.html", "@id": "JVNVU#93051062", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28038", "@id": "CVE-2024-28038", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28955", "@id": "CVE-2024-28955", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-29146", "@id": "CVE-2024-29146", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-29978", "@id": "CVE-2024-29978", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-32151", "@id": "CVE-2024-32151", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-33605", "@id": "CVE-2024-33605", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-33610", "@id": "CVE-2024-33610", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-33616", "@id": "CVE-2024-33616", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-34162", "@id": "CVE-2024-34162", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-35244", "@id": "CVE-2024-35244", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36248", "@id": "CVE-2024-36248", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36249", "@id": "CVE-2024-36249", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36251", "@id": "CVE-2024-36251", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36254", "@id": "CVE-2024-36254", "@source": "CVE" }, { "#text": "https://cwe.mitre.org/data/definitions/121.html", "@id": "CWE-121", "@title": "Stack-based Buffer Overflow(CWE-121)" }, { "#text": "https://cwe.mitre.org/data/definitions/125.html", "@id": "CWE-125", "@title": "Out-of-bounds Read(CWE-125)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-22", "@title": "Path Traversal(CWE-22)" }, { "#text": "https://cwe.mitre.org/data/definitions/256.html", "@id": "CWE-256", "@title": "Unprotected Storage of Credentials(CWE-256)" }, { "#text": "https://cwe.mitre.org/data/definitions/257.html", "@id": "CWE-257", "@title": "Storing Passwords in a Recoverable Format(CWE-257)" }, { "#text": "https://cwe.mitre.org/data/definitions/284.html", "@id": "CWE-284", "@title": "Improper Access Control(CWE-284)" }, { "#text": "https://cwe.mitre.org/data/definitions/312.html", "@id": "CWE-312", "@title": "Cleartext Storage of Sensitive Information(CWE-312)" }, { "#text": "https://cwe.mitre.org/data/definitions/732.html", "@id": "CWE-732", "@title": "Incorrect Permission Assignment for Critical Resource(CWE-732)" }, { "#text": "https://cwe.mitre.org/data/definitions/767.html", "@id": "CWE-767", "@title": "Access to Critical Private Variable via Public Method(CWE-767)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" }, { "#text": "https://cwe.mitre.org/data/definitions/798.html", "@id": "CWE-798", "@title": "Use of Hard-coded Credentials(CWE-798)" } ], "title": "Multiple vulnerabilities in Sharp and Toshiba Tec MFPs" }
cve-2024-36251
Vulnerability from cvelistv5
Published
2024-11-26 07:38
Modified
2024-11-26 16:28
Severity ?
EPSS score ?
Summary
The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:sharp:mx-m905:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m905", "vendor": "sharp", "versions": [ { "status": "affected", "version": "611" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m6070", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m5070:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m5070", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m4070:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m4070", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m3570:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m3570", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m3070:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m3070", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m6050:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m6050", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m5050:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m5050", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m4050:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m4050", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m3550:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m3550", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m3050:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m3050", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m2630:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m2630", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-m6070:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-m6070", "vendor": "sharp", "versions": [ { "status": "affected", "version": "502" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-b550wd:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-b550wd", "vendor": "sharp", "versions": [ { "status": "affected", "version": "250" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-b540wr:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-b540wr", "vendor": "sharp", "versions": [ { "status": "affected", "version": "250" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-b547wd:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-b547wd", "vendor": "sharp", "versions": [ { "status": "affected", "version": "250" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-b537wr:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-b537wr", "vendor": "sharp", "versions": [ { "status": "affected", "version": "250" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b455w:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b455w", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b355w:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b355w", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b455wz:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b455wz", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b355wz:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b355wz", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b455wt:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b455wt", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-b355wt:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-b355wt", "vendor": "sharp", "versions": [ { "status": "affected", "version": "404" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36251", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T16:19:13.648769Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T16:28:15.625Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds read", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:38:24.464Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36251", "datePublished": "2024-11-26T07:38:24.464Z", "dateReserved": "2024-05-22T09:00:10.181Z", "dateUpdated": "2024-11-26T16:28:15.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28038
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-12-10 14:57
Severity ?
EPSS score ?
Summary
The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28038", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-09T22:09:23.255878Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-10T14:57:54.916Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Stack-based buffer overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:06.324Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-28038", "datePublished": "2024-11-26T07:37:06.324Z", "dateReserved": "2024-05-22T09:00:14.691Z", "dateUpdated": "2024-12-10T14:57:54.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-29146
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 14:09
Severity ?
EPSS score ?
Summary
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-29146", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T14:03:29.416641Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:09:24.767Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-312", "description": "Cleartext storage of sensitive information", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:20.253Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-29146", "datePublished": "2024-11-26T07:37:20.253Z", "dateReserved": "2024-05-22T09:00:07.612Z", "dateUpdated": "2024-11-26T14:09:24.767Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-35244
Vulnerability from cvelistv5
Published
2024-11-26 07:38
Modified
2024-11-26 07:38
Severity ?
EPSS score ?
Summary
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "Use of hard-coded credentials", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:38:06.435Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-35244", "datePublished": "2024-11-26T07:38:06.435Z", "dateReserved": "2024-05-22T09:00:11.122Z", "dateUpdated": "2024-11-26T07:38:06.435Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36248
Vulnerability from cvelistv5
Published
2024-11-26 07:38
Modified
2024-11-26 07:38
Severity ?
EPSS score ?
Summary
API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "Use of hard-coded credentials", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:38:12.712Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36248", "datePublished": "2024-11-26T07:38:12.712Z", "dateReserved": "2024-05-22T09:00:17.964Z", "dateUpdated": "2024-11-26T07:38:12.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36254
Vulnerability from cvelistv5
Published
2024-11-26 07:38
Modified
2024-11-26 14:48
Severity ?
EPSS score ?
Summary
Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-90c70", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "200", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-90c80", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "200", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-70c65:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-70c65", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-70c55:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-70c55", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-70c45:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-70c45", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-70c36:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-70c36", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-70c31:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-70c31", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-60c45:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-60c45", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-60c36:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-60c36", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-60c31:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-60c31", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c65:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c65", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c55:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c55", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c45:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c45", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c36:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c36", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c31:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c31", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-50c26:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-50c26", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-55c26:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-55c26", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "310", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-8081:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-8081", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "150", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-7081:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-7081", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "150", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-6071:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-6071", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-5071:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-5071", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-4071:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-4071", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3571:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3571", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3071:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3071", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-4061:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-4061", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3561:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3561", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3061:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3061", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-6051:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-6051", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-5051:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-5051", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-4051:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-4051", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3551:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3551", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3051:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3051", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-2651:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-2651", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-6071s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-6071s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-5071s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-5071s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-4071s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-4071s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3571s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3571s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3071s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3071s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-4061s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-4061s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3561s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3561s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-3061s:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-3061s", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "612", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-30c25:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-30c25", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "123", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-30c25y:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-30c25y", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "123", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-30c25z:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-30c25z", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "123", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:bp-30c25t:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bp-30c25t", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "123", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-7580n:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-7580n", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "502", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-6580n:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-6580n", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "502", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-8090n:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-8090n", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "404", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:sharp:mx-7090n:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mx-7090n", "vendor": "sharp", "versions": [ { "lessThanOrEqual": "404", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-36254", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T14:24:25.876189Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:48:35.480Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds read", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:38:30.408Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36254", "datePublished": "2024-11-26T07:38:30.408Z", "dateReserved": "2024-05-22T09:00:17.089Z", "dateUpdated": "2024-11-26T14:48:35.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33610
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-12-10 14:58
Severity ?
EPSS score ?
Summary
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-33610", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-09T22:10:22.048882Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-10T14:58:18.708Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "\"sessionlist.html\" and \"sys_trayentryreboot.html\" are accessible with no authentication. \"sessionlist.html\" provides logged-in users\u0027 session information including session cookies, and \"sys_trayentryreboot.html\" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-288", "description": "Authentication Bypass Using an Alternate Path or Channel", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:44.549Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-33610", "datePublished": "2024-11-26T07:37:44.549Z", "dateReserved": "2024-05-22T09:00:05.257Z", "dateUpdated": "2024-12-10T14:58:18.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32151
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 14:09
Severity ?
EPSS score ?
Summary
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-32151", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T14:03:23.265630Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:09:24.628Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-257", "description": "Storing passwords in a recoverable format", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T10:57:58.852Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-32151", "datePublished": "2024-11-26T07:37:32.412Z", "dateReserved": "2024-05-22T09:00:11.984Z", "dateUpdated": "2024-11-26T14:09:24.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-34162
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-12-10 15:43
Severity ?
EPSS score ?
Summary
The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-34162", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-09T22:10:05.375457Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-10T15:43:40.628Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to \"SIMPLE\", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-767", "description": "Access to critical private variable via public method", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:57.671Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-34162", "datePublished": "2024-11-26T07:37:57.671Z", "dateReserved": "2024-05-22T09:00:13.769Z", "dateUpdated": "2024-12-10T15:43:40.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33605
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-12-10 15:43
Severity ?
EPSS score ?
Summary
Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-33605", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-09T22:10:08.649799Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-10T15:43:57.213Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T10:58:21.785Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-33605", "datePublished": "2024-11-26T07:37:38.329Z", "dateReserved": "2024-05-22T09:00:15.651Z", "dateUpdated": "2024-12-10T15:43:57.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28955
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-11-26 14:09
Severity ?
EPSS score ?
Summary
Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28955", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T14:03:35.804923Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:09:24.903Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "Incorrect permission assignment for critical resource", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:14.737Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-28955", "datePublished": "2024-11-26T07:37:14.737Z", "dateReserved": "2024-05-22T09:00:18.956Z", "dateUpdated": "2024-11-26T14:09:24.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-29978
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-12-04 17:36
Severity ?
EPSS score ?
Summary
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-29978", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T17:36:38.117189Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T17:36:49.190Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-256", "description": "Plaintext storage of a password", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:27.029Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-29978", "datePublished": "2024-11-26T07:37:27.029Z", "dateReserved": "2024-05-22T09:00:12.924Z", "dateUpdated": "2024-12-04T17:36:49.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36249
Vulnerability from cvelistv5
Published
2024-11-26 07:38
Modified
2024-11-26 14:09
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36249", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T14:03:17.536595Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:09:24.516Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross-site scripting (XSS)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:38:18.359Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36249", "datePublished": "2024-11-26T07:38:18.359Z", "dateReserved": "2024-05-22T09:00:09.251Z", "dateUpdated": "2024-11-26T14:09:24.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33616
Vulnerability from cvelistv5
Published
2024-11-26 07:37
Modified
2024-12-10 15:43
Severity ?
EPSS score ?
Summary
Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Sharp Corporation | Multiple MFPs (multifunction printers) |
Version: See the information provided by Sharp Corporation listed under [References] |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-33616", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-09T22:10:06.870573Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-10T15:43:11.975Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Multiple MFPs (multifunction printers)", "vendor": "Sharp Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]" } ] }, { "product": "Multiple MFPs (multifunction printers)", "vendor": "Toshiba Tec Corporation", "versions": [ { "status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]" } ] } ], "descriptions": [ { "lang": "en", "value": "Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Authentication bypass", "lang": "en-US", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-26T07:37:51.585Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://global.sharp/products/copier/info/info_security_2024-05.html" }, { "url": "https://jp.sharp/business/print/information/info_security_2024-05.html" }, { "url": "https://www.toshibatec.com/information/20240531_02.html" }, { "url": "https://www.toshibatec.co.jp/information/20240531_02.html" }, { "url": "https://jvn.jp/en/vu/JVNVU93051062/" }, { "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-33616", "datePublished": "2024-11-26T07:37:51.585Z", "dateReserved": "2024-05-22T09:00:06.770Z", "dateUpdated": "2024-12-10T15:43:11.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.