Vulnerability-Lookup

CVE-2024-36249 (GCVE-0-2024-36249)

Vulnerability from cvelistv5 – Published: 2024-11-26 07:38 – Updated: 2024-11-26 14:09

Summary

Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE

CWE-79 - Cross-site scripting (XSS)

Assigner

jpcert

References

URL

Tags

	https://global.sharp/products/copier/info/info_se…
	https://jp.sharp/business/print/information/info_…
	https://www.toshibatec.com/information/20240531_02.html
	https://www.toshibatec.co.jp/information/20240531…
	https://jvn.jp/en/vu/JVNVU93051062/

Impacted products

Vendor

Product

Version

Sharp Corporation

Multiple MFPs (multifunction printers)

Affected: See the information provided by Sharp Corporation listed under [References]

Toshiba Tec Corporation

Multiple MFPs (multifunction printers)

Affected: See the information provided by Toshiba Tec Corporation listed under [References]

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T14:03:17.536595Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:09:24.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple MFPs (multifunction printers)",
          "vendor": "Sharp Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "See the information provided by Sharp Corporation listed under [References]"
            }
          ]
        },
        {
          "product": "Multiple MFPs (multifunction printers)",
          "vendor": "Toshiba Tec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "See the information provided by Toshiba Tec Corporation listed under [References]"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site scripting (XSS)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-26T07:38:18.359Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
        },
        {
          "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
        },
        {
          "url": "https://www.toshibatec.com/information/20240531_02.html"
        },
        {
          "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU93051062/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-36249",
    "datePublished": "2024-11-26T07:38:18.359Z",
    "dateReserved": "2024-05-22T09:00:09.251Z",
    "dateUpdated": "2024-11-26T14:09:24.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36249\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-26T14:03:17.536595Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-26T14:03:19.868Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Sharp Corporation\", \"product\": \"Multiple MFPs (multifunction printers)\", \"versions\": [{\"status\": \"affected\", \"version\": \"See the information provided by Sharp Corporation listed under [References]\"}]}, {\"vendor\": \"Toshiba Tec Corporation\", \"product\": \"Multiple MFPs (multifunction printers)\", \"versions\": [{\"status\": \"affected\", \"version\": \"See the information provided by Toshiba Tec Corporation listed under [References]\"}]}], \"references\": [{\"url\": \"https://global.sharp/products/copier/info/info_security_2024-05.html\"}, {\"url\": \"https://jp.sharp/business/print/information/info_security_2024-05.html\"}, {\"url\": \"https://www.toshibatec.com/information/20240531_02.html\"}, {\"url\": \"https://www.toshibatec.co.jp/information/20240531_02.html\"}, {\"url\": \"https://jvn.jp/en/vu/JVNVU93051062/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"Cross-site scripting (XSS)\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-11-26T07:38:18.359Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-36249\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-26T14:09:24.516Z\", \"dateReserved\": \"2024-05-22T09:00:09.251Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-11-26T07:38:18.359Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-97W9-7QCX-QC77

Vulnerability from github – Published: 2024-11-26 09:30 – Updated: 2024-11-26 09:30

Details

Severity ?

7.4 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-36249"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-26T08:15:06Z",
    "severity": "HIGH"
  },
  "details": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].",
  "id": "GHSA-97w9-7qcx-qc77",
  "modified": "2024-11-26T09:30:49Z",
  "published": "2024-11-26T09:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36249"
    },
    {
      "type": "WEB",
      "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
    },
    {
      "type": "WEB",
      "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU93051062"
    },
    {
      "type": "WEB",
      "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
    },
    {
      "type": "WEB",
      "url": "https://www.toshibatec.com/information/20240531_02.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

JVNDB-2024-003253

Vulnerability from jvndb - Published: 2024-06-03 14:36 - Updated:2024-06-03 14:36

Severity ?

9.1 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Details

Sharp and Toshiba Tec MFPs (multifunction printers) contain multiple vulnerabilities listed below. * Stack-based Buffer Overflow (CWE-121) - CVE-2024-28038 * Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28955 * Cleartext Storage of Sensitive Information (CWE-312) - CVE-2024-29146 * Plaintext Storage of a Password (CWE-256) - CVE-2024-29978 * Storing Passwords in a Recoverable Format (CWE-257) - CVE-2024-32151 * Path Traversal (CWE-22) - CVE-2024-33605 * Improper Access Control (CWE-284) - CVE-2024-33610, CVE-2024-33616 * Access to Critical Private Variable via Public Method (CWE-767) - CVE-2024-34162 * Use of Hard-coded Credentials (CWE-798) - CVE-2024-35244, CVE-2024-36248 * Cross-site Scripting (CWE-79) - CVE-2024-36249 * Out-of-bounds Read (CWE-125) - CVE-2024-36251, CVE-2024-36254 As for the vulnerabilities listed below, Pierre Barre reported them to JPCERT/CC, and JPCERT/CC coordinated with Sharp Corporation. CVE-2024-28038, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33616, CVE-2024-34162, CVE-2024-35244, CVE-2024-36248, CVE-2024-36251, CVE-2024-36254 As for the vulnerabilities listed below, Sharp Corporation received reports and coordinated with the reporters directly, and after the coordination was completed, Sharp reported them to JPCERT/CC to notify the users of the solutions through JVN. CVE-2024-33610, CVE-2024-36249, CVE-2024-36251, CVE-2024-36254

References

Type

URL

	JVN	https://jvn.jp/en/vu/JVNVU93051062/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-28038
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-28955
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-29146
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-29978
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-32151
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-33605
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-33610
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-33616
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-34162
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-35244
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-36248
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-36249
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-36251
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-36254
	Stack-based Buffer Overflow(CWE-121)	https://cwe.mitre.org/data/definitions/121.html
	Out-of-bounds Read(CWE-125)	https://cwe.mitre.org/data/definitions/125.html
	Path Traversal(CWE-22)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Unprotected Storage of Credentials(CWE-256)	https://cwe.mitre.org/data/definitions/256.html
	Storing Passwords in a Recoverable Format(CWE-257)	https://cwe.mitre.org/data/definitions/257.html
	Improper Access Control(CWE-284)	https://cwe.mitre.org/data/definitions/284.html
	Cleartext Storage of Sensitive Information(CWE-312)	https://cwe.mitre.org/data/definitions/312.html
	Incorrect Permission Assignment for Critical Resource(CWE-732)	https://cwe.mitre.org/data/definitions/732.html
	Access to Critical Private Variable via Public Method(CWE-767)	https://cwe.mitre.org/data/definitions/767.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Use of Hard-coded Credentials(CWE-798)	https://cwe.mitre.org/data/definitions/798.html

Impacted products

Vendor

Product

	Sharp Corporation	(Multiple Products)
	TOSHIBA TEC	(Multiple Products)

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003253.html",
  "dc:date": "2024-06-03T14:36+09:00",
  "dcterms:issued": "2024-06-03T14:36+09:00",
  "dcterms:modified": "2024-06-03T14:36+09:00",
  "description": "Sharp and Toshiba Tec MFPs (multifunction printers) contain multiple vulnerabilities listed below.\r\n\r\n  * Stack-based Buffer Overflow (CWE-121) - CVE-2024-28038\r\n  * Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28955\r\n  * Cleartext Storage of Sensitive Information (CWE-312) - CVE-2024-29146\r\n  * Plaintext Storage of a Password (CWE-256) - CVE-2024-29978\r\n  * Storing Passwords in a Recoverable Format (CWE-257) - CVE-2024-32151\r\n  * Path Traversal (CWE-22) - CVE-2024-33605\r\n  * Improper Access Control (CWE-284) - CVE-2024-33610, CVE-2024-33616\r\n  * Access to Critical Private Variable via Public Method (CWE-767) - CVE-2024-34162\r\n  * Use of Hard-coded Credentials (CWE-798) - CVE-2024-35244, CVE-2024-36248\r\n  * Cross-site Scripting (CWE-79) - CVE-2024-36249\r\n  * Out-of-bounds Read (CWE-125) - CVE-2024-36251, CVE-2024-36254\r\n\r\nAs for the vulnerabilities listed below, Pierre Barre reported them to JPCERT/CC, and JPCERT/CC coordinated with Sharp Corporation.\r\nCVE-2024-28038, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33616, CVE-2024-34162, CVE-2024-35244, CVE-2024-36248, CVE-2024-36251, CVE-2024-36254\r\n\r\nAs for the vulnerabilities listed below, Sharp Corporation received reports and coordinated with the reporters directly, and after the coordination was completed, Sharp reported them to JPCERT/CC to notify the users of the solutions through JVN.\r\nCVE-2024-33610, CVE-2024-36249, CVE-2024-36251, CVE-2024-36254",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003253.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:sharp:multiple_product",
      "@product": "(Multiple Products)",
      "@vendor": "Sharp Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:toshibatec:multiple_product",
      "@product": "(Multiple Products)",
      "@vendor": "TOSHIBA TEC",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.1",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-003253",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93051062/index.html",
      "@id": "JVNVU#93051062",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28038",
      "@id": "CVE-2024-28038",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28955",
      "@id": "CVE-2024-28955",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-29146",
      "@id": "CVE-2024-29146",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-29978",
      "@id": "CVE-2024-29978",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-32151",
      "@id": "CVE-2024-32151",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-33605",
      "@id": "CVE-2024-33605",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-33610",
      "@id": "CVE-2024-33610",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-33616",
      "@id": "CVE-2024-33616",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-34162",
      "@id": "CVE-2024-34162",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-35244",
      "@id": "CVE-2024-35244",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36248",
      "@id": "CVE-2024-36248",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36249",
      "@id": "CVE-2024-36249",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36251",
      "@id": "CVE-2024-36251",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36254",
      "@id": "CVE-2024-36254",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/121.html",
      "@id": "CWE-121",
      "@title": "Stack-based Buffer Overflow(CWE-121)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/256.html",
      "@id": "CWE-256",
      "@title": "Unprotected Storage of Credentials(CWE-256)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/257.html",
      "@id": "CWE-257",
      "@title": "Storing Passwords in a Recoverable Format(CWE-257)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/284.html",
      "@id": "CWE-284",
      "@title": "Improper Access Control(CWE-284)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/312.html",
      "@id": "CWE-312",
      "@title": "Cleartext Storage of Sensitive Information(CWE-312)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/732.html",
      "@id": "CWE-732",
      "@title": "Incorrect Permission Assignment for Critical Resource(CWE-732)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/767.html",
      "@id": "CWE-767",
      "@title": "Access to Critical Private Variable via Public Method(CWE-767)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/798.html",
      "@id": "CWE-798",
      "@title": "Use of Hard-coded Credentials(CWE-798)"
    }
  ],
  "title": "Multiple vulnerabilities in Sharp and Toshiba Tec MFPs"
}

FKIE_CVE-2024-36249

Vulnerability from fkie_nvd - Published: 2024-11-26 08:15 - Updated: 2024-11-26 08:15

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Summary

References

	URL	Tags
	vultures@jpcert.or.jp	https://global.sharp/products/copier/info/info_security_2024-05.html
	vultures@jpcert.or.jp	https://jp.sharp/business/print/information/info_security_2024-05.html
	vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU93051062/
	vultures@jpcert.or.jp	https://www.toshibatec.co.jp/information/20240531_02.html
	vultures@jpcert.or.jp	https://www.toshibatec.com/information/20240531_02.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de cross-site scripting en varias impresoras multifunci\u00f3n de Sharp Corporation y Toshiba Tech Corporation. Si se explota esta vulnerabilidad, se puede ejecutar una secuencia de comandos arbitraria en la p\u00e1gina administrativa de las impresoras multifunci\u00f3n afectadas. En cuanto a los detalles de los nombres de los productos afectados, los n\u00fameros de modelo y las versiones, consulte la informaci\u00f3n proporcionada por los respectivos proveedores que se enumeran en [Referencias]."
    }
  ],
  "id": "CVE-2024-36249",
  "lastModified": "2024-11-26T08:15:06.580",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-11-26T08:15:06.580",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jvn.jp/en/vu/JVNVU93051062/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.toshibatec.co.jp/information/20240531_02.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.toshibatec.com/information/20240531_02.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "vultures@jpcert.or.jp",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-36249 (GCVE-0-2024-36249)

GHSA-97W9-7QCX-QC77

JVNDB-2024-003253

FKIE_CVE-2024-36249

Tags

Sightings

Nomenclature