CVE-2024-21824

low-risk

Published 2024-03-18

Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].

Do I need to act?

-

0.05% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.3/10 Medium

ADJACENT_NETWORK / HIGH complexity

References (12)

https://jvn.jp/en/jp/JVN82749078/

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000

https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000

https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.h...

https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002

https://www.toshibatec.com/information/20240306_01.html

https://jvn.jp/en/jp/JVN82749078/

https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000

https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000

https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.h...

https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002

https://www.toshibatec.com/information/20240306_01.html

19

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal