Vulnerability Description
Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://global.sharp/products/copier/info/info_security_2024-05.html
- https://jp.sharp/business/print/information/info_security_2024-05.html
- https://jvn.jp/en/vu/JVNVU93051062/
- https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
- https://www.toshibatec.co.jp/information/20240531_02.html
- https://www.toshibatec.com/information/20240531_02.html
- http://seclists.org/fulldisclosure/2024/Jul/0
FAQ
What is CVE-2024-28955?
CVE-2024-28955 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for ...
How severe is CVE-2024-28955?
CVE-2024-28955 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-28955?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.