CVE-2023-28369 - Vulnerability Details - OpenCVE

Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00084.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Brother	Iprint\&scan

Configuration 1 [-]

cpe:2.3:a:brother:iprint\&scan:*:*:*:*:*:android:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-32066	Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://faq.brother.co.jp/app/answers/detail/a_id/13468
https://jvn.jp/en/vu/JVNVU97891206/
https://play.google.com/store/apps/details?id=com.brother.mfc.brprint
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100794_000

History

Wed, 22 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-05-18T00:00:00

Updated: 2025-01-22T16:31:20.241Z

Reserved: 2023-03-15T00:00:00

Link: CVE-2023-28369

Vulnrichment

Updated: 2024-08-02T12:38:24.988Z

NVD

Status : Modified

Published: 2023-05-18T09:15:09.483

Modified: 2025-01-22T17:15:10.370

Link: CVE-2023-28369

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-28369", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "dateUpdated": "2025-01-22T16:31:20.241Z", "dateReserved": "2023-03-15T00:00:00", "datePublished": "2023-05-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-05-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview."}], "affected": [{"vendor": "BROTHER INDUSTRIES, LTD.", "product": "Brother iPrint&Scan", "versions": [{"version": "V6.11.2 and earlier", "status": "affected"}]}], "references": [{"url": "https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100794_000"}, {"url": "https://faq.brother.co.jp/app/answers/detail/a_id/13468"}, {"url": "https://play.google.com/store/apps/details?id=com.brother.mfc.brprint"}, {"url": "https://jvn.jp/en/vu/JVNVU97891206/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Improper access control"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:24.988Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100794_000", "tags": ["x_transferred"]}, {"url": "https://faq.brother.co.jp/app/answers/detail/a_id/13468", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=com.brother.mfc.brprint", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU97891206/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-22T16:31:16.583241Z", "id": "CVE-2023-28369", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T16:31:20.241Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100794_000", "tags": ["x_transferred"]}, {"url": "https://faq.brother.co.jp/app/answers/detail/a_id/13468", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=com.brother.mfc.brprint", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU97891206/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:24.988Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-28369", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-22T16:31:16.583241Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T16:30:55.421Z"}}], "cna": {"affected": [{"vendor": "BROTHER INDUSTRIES, LTD.", "product": "Brother iPrint&Scan", "versions": [{"status": "affected", "version": "V6.11.2 and earlier"}]}], "references": [{"url": "https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100794_000"}, {"url": "https://faq.brother.co.jp/app/answers/detail/a_id/13468"}, {"url": "https://play.google.com/store/apps/details?id=com.brother.mfc.brprint"}, {"url": "https://jvn.jp/en/vu/JVNVU97891206/"}], "descriptions": [{"lang": "en", "value": "Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-05-18T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-28369", "state": "PUBLISHED", "dateUpdated": "2025-01-22T16:31:20.241Z", "dateReserved": "2023-03-15T00:00:00", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2023-05-18T00:00:00", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brother:iprint\\&scan:*:*:*:*:*:android:*:*", "matchCriteriaId": "C92EB506-B012-424B-B1E0-18B4C2E22B2F", "versionEndExcluding": "6.11.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview."}], "id": "CVE-2023-28369", "lastModified": "2025-01-22T17:15:10.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-18T09:15:09.483", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://faq.brother.co.jp/app/answers/detail/a_id/13468"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU97891206/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=com.brother.mfc.brprint"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100794_000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://faq.brother.co.jp/app/answers/detail/a_id/13468"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU97891206/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=com.brother.mfc.brprint"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100794_000"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}