| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2024-33610 | 10 Sep 202423:00 | – | circl | |
| Sharp MFP Security Vulnerability | 31 May 202400:00 | – | cnnvd | |
| CVE-2024-33610 | 26 Nov 202407:37 | – | cve | |
| CVE-2024-33610 | 26 Nov 202407:37 | – | cvelist | |
| Multiple vulnerabilities in Sharp and Toshiba Tec MFPs | 3 Jun 202405:36 | – | jvn | |
| CVE-2024-33610 | 26 Nov 202408:15 | – | nvd | |
| Sharp Multi-Function Printer 18 Vulnerabilities | 4 Jul 202400:00 | – | packetstorm | |
| PT-2024-25375 · Sharp +1 · Multiple Mfps | 26 Nov 202400:00 | – | ptsecurity | |
| CVE-2024-33610 | 5 Feb 202502:44 | – | redhatcve | |
| CVE-2024-33610 | 26 Nov 202407:37 | – | vulnrichment |
id: CVE-2024-33610
info:
name: Sharp Multifunction Printers - Cookie Exposure
author: gy741
severity: medium
description: It was observed that Sharp printers are vulnerable to a listing of session cookies without authentication. Any attacker can list valid cookies by visiting a backdoor webpage and use them to authenticate to the printers.
impact: |
The exposure of cookies can lead to session hijacking, unauthorized access, and potential data breaches.
remediation: |
Apply all relevant security patches and product upgrades.
reference:
- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html#pre-auth-cookies
- https://jvn.jp/en/vu/JVNVU93051062/index.html
- https://global.sharp/products/copier/info/info_security_2024-05.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1
cve-id: CVE-2024-33610
cwe-id: CWE-284
epss-score: 0.45142
epss-percentile: 0.98633
metadata:
verified: true
max-request: 1
shodan-query: "Set-Cookie: MFPSESSIONID="
tags: cve,cve2024,sharp,printer,exposure,vuln
http:
- method: GET
path:
- "{{BaseURL}}/sessionlist.html"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'No.'
- 'User'
- 'From'
- 'Last login'
- 'Last access'
- 'Language ID'
- 'Cookie'
condition: and
- type: word
part: header
words:
- "Set-Cookie: MFPSESSIONID="
- type: status
status:
- 200
# digest: 4a0a004730450220248924d4cf97487d1570e5c227e76de9d8bff39eefb77c17a624ed9c8c0b6396022100e65fdc4372266385f5990f989b964cde170346299171ae2d035710117530a0db:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation