CVE-2024-22475

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Vulnerabilidad de Cross-Site Request Forgery en múltiples impresoras y escáneres que implementan administración basada en web proporcionada por BROTHER INDUSTRIES, LTD. permite que un atacante remoto no autenticado realice operaciones no deseadas en el producto afectado. En cuanto a los detalles de los nombres de productos, números de modelo y versiones afectados, consulte la información proporcionada por los respectivos proveedores que figuran en [Referencias].

*Credits: N/A

CVSS Scores

CISAv3.1 6.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-09 CVE Reserved
2024-03-18 CVE Published
2024-03-19 EPSS Updated
2024-10-27 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (6)

URL	Tag	Source
https://jvn.jp/en/jp/JVN82749078
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000
https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002
https://www.toshibatec.com/information/20240306_01.html

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
BROTHER INDUSTRIES, LTD. Search vendor "BROTHER INDUSTRIES, LTD."		Multiple Printers And Scanners Search vendor "BROTHER INDUSTRIES, LTD." for product "Multiple Printers And Scanners"				<= Search vendor "BROTHER INDUSTRIES, LTD." for product "Multiple Printers And Scanners" and version " <= "		en		Affected
FUJIFILM Business Innovation Corp. Search vendor "FUJIFILM Business Innovation Corp."		Multiple Printers And Scanners Search vendor "FUJIFILM Business Innovation Corp." for product "Multiple Printers And Scanners"				<= Search vendor "FUJIFILM Business Innovation Corp." for product "Multiple Printers And Scanners" and version " <= "		en		Affected
Toshiba Tec Corporation Search vendor "Toshiba Tec Corporation"		Multiple Printers And Scanners Search vendor "Toshiba Tec Corporation" for product "Multiple Printers And Scanners"				<= Search vendor "Toshiba Tec Corporation" for product "Multiple Printers And Scanners" and version " <= "		en		Affected
RICOH COMPANY, LTD. Search vendor "RICOH COMPANY, LTD."		Multiple Printers And Scanners Search vendor "RICOH COMPANY, LTD." for product "Multiple Printers And Scanners"				<= Search vendor "RICOH COMPANY, LTD." for product "Multiple Printers And Scanners" and version " <= "		en		Affected