CVE-2024-36248 - Vulnerability Details - OpenCVE

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://global.sharp/products/copier/info/info_security_2024-05.html
https://jp.sharp/business/print/information/info_security_2024-05.html
https://jvn.jp/en/vu/JVNVU93051062/
https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
https://www.toshibatec.co.jp/information/20240531_02.html
https://www.toshibatec.com/information/20240531_02.html

History

Mon, 27 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 26 Nov 2024 07:45:00 +0000

Type	Values Removed	Values Added
Description		API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Weaknesses		CWE-798
References		https://global.sharp/products/copier/info/info_security_2024-05.html https://jp.sharp/business/print/information/info_security_2024-05.html https://jvn.jp/en/vu/JVNVU93051062/ https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html https://www.toshibatec.co.jp/information/20240531_02.html https://www.toshibatec.com/information/20240531_02.html
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-11-26T07:38:12.712Z

Updated: 2025-01-27T17:45:48.564Z

Reserved: 2024-05-22T09:00:17.964Z

Link: CVE-2024-36248

Vulnrichment

Updated: 2025-01-27T17:45:41.443Z

NVD

Status : Awaiting Analysis

Published: 2024-11-26T08:15:06.430

Modified: 2025-01-27T18:15:39.113

Link: CVE-2024-36248

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36248", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-05-22T09:00:17.964Z", "datePublished": "2024-11-26T07:38:12.712Z", "dateUpdated": "2025-01-27T17:45:48.564Z"}, "containers": {"cna": {"affected": [{"vendor": "Sharp Corporation", "product": "Multiple MFPs (multifunction printers)", "versions": [{"version": "See the information provided by Sharp Corporation listed under [References]", "status": "affected"}]}, {"vendor": "Toshiba Tec Corporation", "product": "Multiple MFPs (multifunction printers)", "versions": [{"version": "See the information provided by Toshiba Tec Corporation listed under [References]", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."}], "problemTypes": [{"descriptions": [{"description": "Use of hard-coded credentials", "lang": "en-US", "cweId": "CWE-798", "type": "CWE"}]}], "references": [{"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"}, {"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"}, {"url": "https://www.toshibatec.com/information/20240531_02.html"}, {"url": "https://www.toshibatec.co.jp/information/20240531_02.html"}, {"url": "https://jvn.jp/en/vu/JVNVU93051062/"}, {"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-11-26T07:38:12.712Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-798", "lang": "en", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-27T16:20:15.617804Z", "id": "CVE-2024-36248", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T17:45:48.564Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36248", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-05-22T09:00:17.964Z", "datePublished": "2024-11-26T07:38:12.712Z", "dateUpdated": "2025-01-27T17:45:48.564Z"}, "containers": {"cna": {"affected": [{"vendor": "Sharp Corporation", "product": "Multiple MFPs (multifunction printers)", "versions": [{"version": "See the information provided by Sharp Corporation listed under [References]", "status": "affected"}]}, {"vendor": "Toshiba Tec Corporation", "product": "Multiple MFPs (multifunction printers)", "versions": [{"version": "See the information provided by Toshiba Tec Corporation listed under [References]", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."}], "problemTypes": [{"descriptions": [{"description": "Use of hard-coded credentials", "lang": "en-US", "cweId": "CWE-798", "type": "CWE"}]}], "references": [{"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"}, {"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"}, {"url": "https://www.toshibatec.com/information/20240531_02.html"}, {"url": "https://www.toshibatec.co.jp/information/20240531_02.html"}, {"url": "https://jvn.jp/en/vu/JVNVU93051062/"}, {"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-11-26T07:38:12.712Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-36248", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-27T16:20:15.617804Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-27T17:45:41.443Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."}, {"lang": "es", "value": "Las claves API de algunos servicios en la nube est\u00e1n codificadas en el binario \"principal\". Para conocer los detalles de los nombres de los productos afectados, los n\u00fameros de modelo y las versiones, consulte la informaci\u00f3n proporcionada por los respectivos proveedores que se incluye en [Referencias]."}], "id": "CVE-2024-36248", "lastModified": "2025-01-27T18:15:39.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "vultures@jpcert.or.jp", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-26T08:15:06.430", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU93051062/"}, {"source": "vultures@jpcert.or.jp", "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.toshibatec.co.jp/information/20240531_02.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.toshibatec.com/information/20240531_02.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary"}]}