CVE-2024-27974
Vulnerability from cvelistv5
Published
2024-03-18 07:59
Modified
2024-10-31 17:23
Severity ?
EPSS score ?
Summary
Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T15:41:24.178975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T17:23:55.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN34328023/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DocuPrint P450 d",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint P450 JM",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint P450 ps",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint P455 d",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint M455 df",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint C2255",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint C2450",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint C2450 II",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint C3200A",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint C3350",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint C3360",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint C3450 d",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint C3450 d II",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint 4050",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint 4060",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuPrint 5060",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuCentre-IV C2260",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuCentre-IV C2270",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuCentre-IV C3370",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuCentre-IV C4470",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuCentre-IV C5570",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "ApeosPort-IV C2270",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "ApeosPort-IV C3370",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "ApeosPort-IV C4470",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "ApeosPort-IV C5570",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "ApeosPort-IV C2270 R",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "ApeosPort-IV C3370 R",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "ApeosPort-IV C4470 R",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "ApeosPort-IV C5570 R",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "ApeosWide 6050/3030",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuWide 6057/3037",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuWide 6055",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuWide 3035",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuWide C842",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuWide 2055",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuWide 9098\u03b1",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "DocuWide 9095\u03b1",
"vendor": "FUJIFILM Business Inovation Corp.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator\u0027s ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T07:59:37.720Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html"
},
{
"url": "https://jvn.jp/en/jp/JVN34328023/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-27974",
"datePublished": "2024-03-18T07:59:37.720Z",
"dateReserved": "2024-02-28T23:42:20.075Z",
"dateUpdated": "2024-10-31T17:23:55.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-27974\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-03-18T08:15:06.287\",\"lastModified\":\"2024-10-31T18:35:09.403\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator\u0027s ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Cross-Site Request Forgery en impresoras FUJIFILM que implementan CentreWare Internet Services o Internet Services permite que un atacante remoto no autenticado altere la informaci\u00f3n del usuario. En el caso de que el usuario sea administrador, se podr\u00e1n alterar configuraciones como ID de administrador, contrase\u00f1a, etc. En cuanto a los detalles de los nombres de los productos, n\u00fameros de modelo y versiones afectados, consulte la informaci\u00f3n proporcionada por el proveedor que figura en [Referencias].\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN34328023/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html\",\"source\":\"vultures@jpcert.or.jp\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.