jvndb - jvndb-2024-000027

jvndb-2024-000027

Vulnerability from jvndb

Published

2024-03-06 18:24

Modified

2024-03-06 18:24

Severity ?

6.5 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery

Details

Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352). Junnosuke Kushibiki, Ryu Kuki, Masataka Mizokuchi, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN34328023/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-27974
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)	(multiple product)

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000027.html",
  "dc:date": "2024-03-06T18:24+09:00",
  "dcterms:issued": "2024-03-06T18:24+09:00",
  "dcterms:modified": "2024-03-06T18:24+09:00",
  "description": "Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nJunnosuke Kushibiki, Ryu Kuki, Masataka Mizokuchi, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000027.html",
  "sec:cpe": {
    "#text": "cpe:/a:fuji_xerox:multiple_product",
    "@product": "(multiple product)",
    "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2024-000027",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN34328023/index.html",
      "@id": "JVN#34328023",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27974",
      "@id": "CVE-2024-27974",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery"
}

cve-2024-27974

Vulnerability from cvelistv5

Published

2024-03-18 07:59

Modified

2024-10-31 17:23

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Summary

Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].

References

▼	URL	Tags
	https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html
	https://jvn.jp/en/jp/JVN34328023/

Impacted products

▼	Vendor	Product
	FUJIFILM Business Inovation Corp.	DocuPrint P450 d
	FUJIFILM Business Inovation Corp.	DocuPrint P450 JM
	FUJIFILM Business Inovation Corp.	DocuPrint P450 ps
	FUJIFILM Business Inovation Corp.	DocuPrint P455 d
	FUJIFILM Business Inovation Corp.	DocuPrint M455 df
	FUJIFILM Business Inovation Corp.	DocuPrint C2255
	FUJIFILM Business Inovation Corp.	DocuPrint C2450
	FUJIFILM Business Inovation Corp.	DocuPrint C2450 II
	FUJIFILM Business Inovation Corp.	DocuPrint C3200A
	FUJIFILM Business Inovation Corp.	DocuPrint C3350
	FUJIFILM Business Inovation Corp.	DocuPrint C3360
	FUJIFILM Business Inovation Corp.	DocuPrint C3450 d
	FUJIFILM Business Inovation Corp.	DocuPrint C3450 d II
	FUJIFILM Business Inovation Corp.	DocuPrint 4050
	FUJIFILM Business Inovation Corp.	DocuPrint 4060
	FUJIFILM Business Inovation Corp.	DocuPrint 5060
	FUJIFILM Business Inovation Corp.	DocuCentre-IV C2260
	FUJIFILM Business Inovation Corp.	DocuCentre-IV C2270
	FUJIFILM Business Inovation Corp.	DocuCentre-IV C3370
	FUJIFILM Business Inovation Corp.	DocuCentre-IV C4470
	FUJIFILM Business Inovation Corp.	DocuCentre-IV C5570
	FUJIFILM Business Inovation Corp.	ApeosPort-IV C2270
	FUJIFILM Business Inovation Corp.	ApeosPort-IV C3370
	FUJIFILM Business Inovation Corp.	ApeosPort-IV C4470
	FUJIFILM Business Inovation Corp.	ApeosPort-IV C5570
	FUJIFILM Business Inovation Corp.	ApeosPort-IV C2270 R
	FUJIFILM Business Inovation Corp.	ApeosPort-IV C3370 R
	FUJIFILM Business Inovation Corp.	ApeosPort-IV C4470 R
	FUJIFILM Business Inovation Corp.	ApeosPort-IV C5570 R
	FUJIFILM Business Inovation Corp.	ApeosWide 6050/3030
	FUJIFILM Business Inovation Corp.	DocuWide 6057/3037
	FUJIFILM Business Inovation Corp.	DocuWide 6055
	FUJIFILM Business Inovation Corp.	DocuWide 3035
	FUJIFILM Business Inovation Corp.	DocuWide C842
	FUJIFILM Business Inovation Corp.	DocuWide 2055
	FUJIFILM Business Inovation Corp.	DocuWide 9098α
	FUJIFILM Business Inovation Corp.	DocuWide 9095α

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-18T15:41:24.178975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-352",
                "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T17:23:55.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:41:55.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN34328023/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DocuPrint P450 d",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint P450 JM",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint P450 ps",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint P455 d",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint M455 df",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint C2255",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint C2450",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint C2450 II",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint C3200A",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint C3350",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint C3360",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint C3450 d",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint C3450 d II",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint 4050",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint 4060",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuPrint 5060",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuCentre-IV C2260",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuCentre-IV C2270",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuCentre-IV C3370",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuCentre-IV C4470",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuCentre-IV C5570",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "ApeosPort-IV C2270",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "ApeosPort-IV C3370",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "ApeosPort-IV C4470",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "ApeosPort-IV C5570",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "ApeosPort-IV C2270 R",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "ApeosPort-IV C3370 R",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "ApeosPort-IV C4470 R",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "ApeosPort-IV C5570 R",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "ApeosWide 6050/3030",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuWide 6057/3037",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuWide 6055",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuWide 3035",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuWide C842",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuWide 2055",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuWide 9098\u03b1",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "DocuWide 9095\u03b1",
          "vendor": "FUJIFILM Business Inovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator\u0027s ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site request forgery (CSRF)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-18T07:59:37.720Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN34328023/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-27974",
    "datePublished": "2024-03-18T07:59:37.720Z",
    "dateReserved": "2024-02-28T23:42:20.075Z",
    "dateUpdated": "2024-10-31T17:23:55.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted