JVNDB-2024-003253

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Overview

Sharp and Toshiba Tec MFPs (multifunction printers) contain the multiple vulnerabilities listed below.

* Stack-based Buffer Overflow (CWE-121) - CVE-2024-28038
* Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28955
* Cleartext Storage of Sensitive Information (CWE-312) - CVE-2024-29146
* Plaintext Storage of a Password (CWE-256) - CVE-2024-29978
* Storing Passwords in a Recoverable Format (CWE-257) - CVE-2024-32151
* Path Traversal (CWE-22) - CVE-2024-33605
* Improper Access Control (CWE-284) - CVE-2024-33610, CVE-2024-33616
* Access to Critical Private Variable via Public Method (CWE-767) - CVE-2024-34162
* Use of Hard-coded Credentials (CWE-798) - CVE-2024-35244, CVE-2024-36248
* Cross-site Scripting (CWE-79) - CVE-2024-36249
* Out-of-bounds Read (CWE-125) - CVE-2024-36251, CVE-2024-36254

Pierre Barre reported the following vulnerabilities to JPCERT/CC, and JPCERT/CC coordinated with Sharp Corporation:
CVE-2024-28038, CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151, CVE-2024-33605, CVE-2024-33610, CVE-2024-33616, CVE-2024-34162, CVE-2024-35244, CVE-2024-36248, CVE-2024-36251, CVE-2024-36254

For the following vulnerabilities, Sharp Corporation received reports and coordinated with the reporters directly. After the coordination was completed, Sharp reported them to JPCERT/CC to notify users of the solutions through JVN:
CVE-2024-33610, CVE-2024-36249, CVE-2024-36251, CVE-2024-36254

CVSS Severity

CVSS V3 Severity:
Base Metrics 9.1 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-33610, CVE-2024-35244, CVE-2024-36248


CVSS V3 Severity:
Base Metrics 9.0 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-28038


CVSS V3 Severity:
Base Metrics 5.9 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-28955, CVE-2024-29146, CVE-2024-29978, CVE-2024-32151


CVSS V3 Severity:
Base Metrics 7.5 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-33605


CVSS V3 Severity:
Base Metrics 5.3 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact:
The above CVSS base scores have been assigned for CVE-2024-33616, CVE-2024-34162


CVSS V3 Severity:
Base Metrics 7.4 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-36249


CVSS V3 Severity:
Base Metrics 7.5 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-36251, CVE-2024-36254

Affected Products

Sharp Corporation
  • (Multiple Products)
TOSHIBA TEC
  • (Multiple Products)

For details of the affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed below.

Impact

* Sending a specially crafted request to the administrative page of the affected MFPs may lead to a denial-of-service (DoS) condition
* Arbitrary files in the affected MFPs may be viewed, and as a result, information in the program may be obtained
* Some of the information in the affected MFPs may be accessed without appropriate privileges
* Arbitrary scripts may be executed on the administrative page of the affected MFPs
* Arbitrary code may be executed on the firmware of the affected MFPs

For more information, refer to the information provided by the respective vendors.

Solution

[Update the firmware]
Apply the appropriate firmware update according to the information provided by the respective vendors.

[Apply workaround]
Applying the following workarounds may mitigate the impacts of these vulnerabilities.

* Use the MFPs on a protected network, for example behind firewalls and/or routers
* Restrict access to the web pages of the MFPs by setting appropriate passwords (*1)
* Change the factory-shipped initial passwords, and manage them appropriately

(*1) This function is enabled in the MFPs sold in Japan; however, it is disabled in the MFPs sold in other countries

For the details of the updates and workarounds, refer to the information provided by the respective vendors in the [Vendor Status] section.

Vendor Information

  • Sharp Corporation
  • TOSHIBA TEC

CWE

  1. Stack-based Buffer Overflow (CWE-121) [Other]
  2. Out-of-bounds Read (CWE-125) [Other]
  3. Path Traversal (CWE-22) [Other]
  4. Unprotected Storage of Credentials (CWE-256) [Other]
  5. Storing Passwords in a Recoverable Format (CWE-257) [Other]
  6. Improper Access Control (CWE-284) [Other]
  7. Cleartext Storage of Sensitive Information (CWE-312) [Other]
  8. Incorrect Permission Assignment for Critical Resource (CWE-732) [Other]
  9. Access to Critical Private Variable via Public Method (CWE-767) [Other]
  10. Cross-site Scripting (CWE-79) [Other]
  11. Use of Hard-coded Credentials (CWE-798) [Other]

CVE

  1. CVE-2024-28038
  2. CVE-2024-28955
  3. CVE-2024-29146
  4. CVE-2024-29978
  5. CVE-2024-32151
  6. CVE-2024-33605
  7. CVE-2024-33610
  8. CVE-2024-33616
  9. CVE-2024-34162
  10. CVE-2024-35244
  11. CVE-2024-36248
  12. CVE-2024-36249
  13. CVE-2024-36251
  14. CVE-2024-36254

References

  1. JVN: JVNVU#93051062

Revision History

  • [2024/06/03]
      Web page was published