
JVNDB-2024-011256

Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Overview

MFPs (multifunction printers) provided by Sharp and Toshiba Tec Corporation contain the multiple vulnerabilities listed below.


  • Out-of-bounds Read (CWE-125)

    • CVE-2024-42420

    • Out-of-bounds read vulnerabilities caused by improper processing of keyword search input and improper processing of SOAP messages



  • Out-of-bounds Read (CWE-125)

    • CVE-2024-43424

    • Out-of-bounds read vulnerability caused by improper processing of HTTP request headers



  • Out-of-bounds Read (CWE-125)

    • CVE-2024-45829

    • Out-of-bounds read vulnerability in the web page providing data downloading, where query parameters in HTTP requests are improperly processed



  • Path traversal (CWE-22)

    • CVE-2024-45842

    • Improper processing of URI data in HTTP PUT requests leads to a path traversal vulnerability; unintended internal files may be retrieved



  • Improper access restriction on some configuration related APIs (CWE-749)

    • CVE-2024-47005

    • Some configuration-related APIs are expected to be called by administrative users only, but access to them is insufficiently restricted



  • Authentication Bypass Using an Alternate Path (CWE-288)

    • CVE-2024-47406

    • Improper processing of HTTP authentication requests may lead to authentication bypass



  • Improper processing of query parameters in HTTP requests (CWE-644)

    • CVE-2024-47549

    • Improper processing of query parameters in HTTP requests may allow unintended data to be injected into HTTP response headers



  • Reflected Cross-site Scripting (CWE-79)

    • CVE-2024-47801

    • Reflected cross-site scripting vulnerability caused by improper processing of query parameters in HTTP requests



  • Stored Cross-site Scripting (CWE-79)

    • CVE-2024-48870

    • Stored cross-site scripting vulnerability caused by improper input data validation in URI data registration





Sharp Corporation reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

CVSS Severity

CVSS V3 Severity:
Base Metrics: 9.1 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-47406


CVSS V3 Severity:
Base Metrics: 8.1 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-47005


CVSS V3 Severity:
Base Metrics: 7.5 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-42420, CVE-2024-43424


CVSS V3 Severity:
Base Metrics: 7.4 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-47549, CVE-2024-47801


CVSS V3 Severity:
Base Metrics: 6.2 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-48870


CVSS V3 Severity:
Base Metrics: 5.3 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-45842


CVSS V3 Severity:
Base Metrics: 4.9 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-45829

Affected Products


Sharp Corporation
  • (Multiple Products)
TOSHIBA TEC
  • (Multiple Products)

As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed below.

Impact

* Crafted HTTP requests may cause affected products to crash (CVE-2024-42420, CVE-2024-43424, CVE-2024-45829)
* Internal files may be retrieved when processing crafted HTTP requests (CVE-2024-45842)
* A non-administrative user may execute some configuration APIs (CVE-2024-47005)
* Authentication may be bypassed (CVE-2024-47406)
* Accessing a crafted URL which points to an affected product may cause a malicious script to be executed on the web browser (CVE-2024-47549, CVE-2024-47801)
* If crafted input is stored by an administrative user, a malicious script may be executed on the web browsers of other victim users (CVE-2024-48870)

Solution

[Update the firmware]
Apply the appropriate firmware update according to the information provided by the respective vendors.

[Apply workaround]

* Use the affected MFPs inside a network protected by a firewall, etc.
* Set the administrative password (an initial password is set in the factory-default configuration, see the manual of the product)
* Change the administrative password from the initial configuration, and manage it appropriately

Vendor Information

  • Sharp Corporation
  • TOSHIBA TEC

CWE

  1. Out-of-bounds Read (CWE-125) [Other]
  2. Path Traversal (CWE-22) [Other]
  3. Authentication Bypass Using an Alternate Path or Channel (CWE-288) [Other]
  4. Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644) [Other]
  5. Exposed Dangerous Method or Function (CWE-749) [Other]
  6. Cross-site Scripting (CWE-79) [Other]

CVE

  1. CVE-2024-42420
  2. CVE-2024-43424
  3. CVE-2024-45829
  4. CVE-2024-45842
  5. CVE-2024-47005
  6. CVE-2024-47406
  7. CVE-2024-47549
  8. CVE-2024-47801
  9. CVE-2024-48870

References

  1. JVN: JVNVU#95063136

Revision History

  • [2024/10/28]
      Web page was published