CVE-2024-21824

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Existe una vulnerabilidad de autenticación incorrecta en varias impresoras y escáneres que implementan la administración basada en web proporcionada por BROTHER INDUSTRIES, LTD. Si se explota esta vulnerabilidad, un usuario adyacente a la red que pueda acceder al producto puede hacerse pasar por un usuario administrativo. En cuanto a los detalles de los nombres de productos, números de modelo y versiones afectados, consulte la información proporcionada por los respectivos proveedores que figuran en [Referencias].

*Credits: N/A

CVSS Scores

CISAv3.1 5.3

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-09 CVE Reserved
2024-03-18 CVE Published
2024-03-19 EPSS Updated
2024-11-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-306: Missing Authentication for Critical Function

CAPEC

References (6)

URL	Tag	Source
https://jvn.jp/en/jp/JVN82749078
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000
https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002
https://www.toshibatec.com/information/20240306_01.html

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
BROTHER INDUSTRIES, LTD. Search vendor "BROTHER INDUSTRIES, LTD."		Multiple Printers And Scanners Search vendor "BROTHER INDUSTRIES, LTD." for product "Multiple Printers And Scanners"				<= Search vendor "BROTHER INDUSTRIES, LTD." for product "Multiple Printers And Scanners" and version " <= "		en		Affected
FUJIFILM Business Innovation Corp. Search vendor "FUJIFILM Business Innovation Corp."		Multiple Printers And Scanners Search vendor "FUJIFILM Business Innovation Corp." for product "Multiple Printers And Scanners"				<= Search vendor "FUJIFILM Business Innovation Corp." for product "Multiple Printers And Scanners" and version " <= "		en		Affected
Toshiba Tec Corporation Search vendor "Toshiba Tec Corporation"		Multiple Printers And Scanners Search vendor "Toshiba Tec Corporation" for product "Multiple Printers And Scanners"				<= Search vendor "Toshiba Tec Corporation" for product "Multiple Printers And Scanners" and version " <= "		en		Affected
RICOH COMPANY, LTD. Search vendor "RICOH COMPANY, LTD."		Multiple Printers And Scanners Search vendor "RICOH COMPANY, LTD." for product "Multiple Printers And Scanners"				<= Search vendor "RICOH COMPANY, LTD." for product "Multiple Printers And Scanners" and version " <= "		en		Affected