JVNVU#95063136
Multiple vulnerabilities in Sharp and Toshiba Tec MFPs

Overview

Sharp and Toshiba Tec MFPs (multifunction printers) contain multiple vulnerabilities.

Products Affected

As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed below.

Description

MFPs (multifunction printers) provided by Sharp and Toshiba Tec Corporation contain multiple vulnerabilites listed below.

• Out-of-bounds Read (CWE-125)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  Base Score:7.5
  • CVE-2024-42420
  • Out-of-bounds read vulnerabilities coming from improper processing of keyword search input and improper processing of SOAP messages
• Out-of-bounds Read (CWE-125)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  Base Score:7.5
  • CVE-2024-43424
  • Out-of-bounds read vulnerability coming from improper processing of HTTP request headers
• Out-of-bounds Read (CWE-125)
  • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H  Base Score:4.9
  • CVE-2024-45829
  • Out-of-bounds read vulnerability in the web page providing data downloading, where query parameters in HTTP requests are improperly processed
• Path traversal (CWE-22)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N  Base Score:5.3
  • CVE-2024-45842
  • Improper processing of URI data in HTTP PUT requests leads to path traversal vulnerability, unintended internal files may be retrieved
• Improper access restriction on some configuration related APIs (CWE-749)
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N  Base Score:8.1
  • CVE-2024-47005
  • Some configuration related APIs are expected to be called by administrative users only, but insufficiently restricted
• Authentication Bypass Using an Alternate Path (CWE-288)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H  Base Score:9.1
  • CVE-2024-47406
  • Improper processing of HTTP authentication requests may lead to authentication bypass
• Improper processing of query parameters in HTTP requests (CWE-644)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N  Base Score:7.4
  • CVE-2024-47549
  • Improper processing of query parameters of HTTP requests may allow contamination of unintended data to HTTP response headers
• Reflected Cross-site Scripting (CWE-79)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N  Base Score:7.4
  • CVE-2024-47801
  • Reflected cross-site scripting vulnerability coming from improper processing of query parameters in HTTP requests
• Stored Cross-site Scripting (CWE-79)
  • CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N  Base Score:6.2
  • CVE-2024-48870
  • Stored cross-site scripting vulnerability coming from improper input data validation in URI data registration

Impact

• Crafted HTTP requests may cause affected products crashed (CVE-2024-42420, CVE-2024-43424, CVE-2024-45829)
• Internal files may be retrieved when processing crafted HTTP requests (CVE-2024-45842)
• A non-administrative user may execute some configuration APIs (CVE-2024-47005)
• Authentication may be bypassed (CVE-2024-47406)
• Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser (CVE-2024-47549, CVE-2024-47801)
• If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users (CVE-2024-48870)

Solution

Update the firmware
Apply the appropriate firmware update according to the information provided by the respective vendors.

Apply workaround

• Use the affected MFPs inside the network protected by firewall, etc.
• Set the administrative password (an initial password is set in the factory-default configuration, see the manual of the product)
• Change the administrative password from the initial configuration, and manage it appropriately