CVE-2024-45842 — MEDIUM (5.3)

Q: How severe is CVE-2024-45842?

CVE-2024-45842 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-45842?

Check the references section above for vendor advisories and patch information. Affected products include: Toshibatec E-Studio1058 Firmware, Toshibatec E-Studio1058, Toshibatec E-Studio1208 Firmware, Toshibatec E-Studio1208, Toshibatec E-Studio908 Firmware.

Vulnerability Description

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Toshibatec	E-Studio1058 Firmware	<= t1.01.h4.00
Toshibatec	E-Studio1058	-
Toshibatec	E-Studio1208 Firmware	<= t1.01.h4.00
Toshibatec	E-Studio1208	-
Toshibatec	E-Studio908 Firmware	<= t2.12.h3.00
Toshibatec	E-Studio908	-
Sharp	Bp-90C70 Firmware	-
Sharp	Bp-90C70	-
Sharp	Bp-90C80 Firmware	-
Sharp	Bp-90C80	-
Sharp	Bp-70C65 Firmware	-
Sharp	Bp-70C65	-
Sharp	Bp-70C55 Firmware	-
Sharp	Bp-70C55	-
Sharp	Bp-70C45 Firmware	-
Sharp	Bp-70C45	-
Sharp	Bp-70C36 Firmware	-
Sharp	Bp-70C36	-
Sharp	Bp-70C31 Firmware	-
Sharp	Bp-70C31	-

Related Weaknesses (CWE)

CWE-22

References

https://global.sharp/products/copier/info/info_security_2024-10.htmlVendor Advisory
https://jvn.jp/en/vu/JVNVU95063136/Third Party Advisory
https://www.toshibatec.com/information/20241025_01.htmlVendor Advisory

FAQ

What is CVE-2024-45842?

CVE-2024-45842 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP reques...

How severe is CVE-2024-45842?

CVE-2024-45842 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-45842?

Check the references section above for vendor advisories and patch information. Affected products include: Toshibatec E-Studio1058 Firmware, Toshibatec E-Studio1058, Toshibatec E-Studio1208 Firmware, Toshibatec E-Studio1208, Toshibatec E-Studio908 Firmware.