JVNDB-2023-014781
|
Brother iPrint&Scan Desktop for Windows vulnerable to improper link resolution before file access
|
iPrint&Scan Desktop for Windows provided by Brother Industries, Ltd. writes logs to a certain log file.
The affected version of the product does not check whether the log file is a regular file or a symbolic link to a certain file (CWE-59).
Chris Au reported this vulnerability to Brother Industries, Ltd. and coordinated with them. Brother Industries, Ltd. and JPCERT/CC each published an advisory to notify users of this vulnerability.
|
CVSS V3 Severity: Base Metrics 6.5 (Medium) [Other]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
CVSS V2 Severity: Base Metrics 4.6 (Medium) [Other]
- Access Vector: Local
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Complete
|
|
Brother Industries
- Brother iPrint&Scan Desktop for Windows version 11.0.0 and earlier
|
|
A symlink attack by a malicious user may cause a denial-of-service (DoS) condition on the PC.
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
The developer addressed the vulnerability in the following version.
* iPrint&Scan Desktop for Windows version 11.0.1
For more information, refer to the information provided by the developer.
|
Brother Industries
|
- Link Following (CWE-59) [Other]
|
- CVE-2023-51654
|
- JVN : JVNVU#97943829
- National Vulnerability Database (NVD) : CVE-2023-51654
|
- [2023/12/26]
Web page was published
- [2024/03/18]
References : Content was added
|