CVE-2024-36248

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://global.sharp/products/copier/info/info_security_2024-05.html
https://jp.sharp/business/print/information/info_security_2024-05.html
https://jvn.jp/en/vu/JVNVU93051062/
https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
https://www.toshibatec.co.jp/information/20240531_02.html
https://www.toshibatec.com/information/20240531_02.html

Configurations

No configuration.

History

26 Nov 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-26 08:15

Updated : 2025-01-27 18:15

NVD link : CVE-2024-36248

Mitre link : CVE-2024-36248

CVE.ORG link : CVE-2024-36248

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2024-36248", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-11-26T08:15:06.430", "references": [{"url": "https://global.sharp/products/copier/info/info_security_2024-05.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://jp.sharp/business/print/information/info_security_2024-05.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/vu/JVNVU93051062/", "source": "vultures@jpcert.or.jp"}, {"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.toshibatec.co.jp/information/20240531_02.html", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.toshibatec.com/information/20240531_02.html", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Primary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."}, {"lang": "es", "value": "Las claves API de algunos servicios en la nube est\u00e1n codificadas en el binario \"principal\". Para conocer los detalles de los nombres de los productos afectados, los n\u00fameros de modelo y las versiones, consulte la informaci\u00f3n proporcionada por los respectivos proveedores que se incluye en [Referencias]."}], "lastModified": "2025-01-27T18:15:39.113", "sourceIdentifier": "vultures@jpcert.or.jp"}