CVE-2024-36248 Vulnerability Details

  /     /     /  

CVE-2024-36248 Metadata Quick Info

CVE Published: 26/11/2024 | CVE Updated: 26/11/2024 | CVE Year: 2024
Source: jpcert | Vendor: Sharp Corporation | Product: Multiple MFPs (multifunction printers)
Status : PUBLISHED

---

CVE-2024-36248 Description

API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Metrics

CVSS Version: 3.1 | Base Score: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-798
CWE Name: Use of hard-coded credentials
Source: Sharp Corporation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).