CVE-2024-28955

Published: Nov 26, 2024Modified: Nov 4, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: vultures@jpcert.or.jp (Secondary)

Description

Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (7)

https://global.sharp/products/copier/info/info_security_2024-05.html

Source: vultures@jpcert.or.jp

https://jp.sharp/business/print/information/info_security_2024-05.html

Source: vultures@jpcert.or.jp

https://jvn.jp/en/vu/JVNVU93051062/

Source: vultures@jpcert.or.jp

https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html

Source: vultures@jpcert.or.jp

https://www.toshibatec.co.jp/information/20240531_02.html

Source: vultures@jpcert.or.jp

https://www.toshibatec.com/information/20240531_02.html

Source: vultures@jpcert.or.jp

http://seclists.org/fulldisclosure/2024/Jul/0

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.