CVE-2024-27974 - Vulnerability Details - OpenCVE

Description

Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].

Published: 2024-03-18

Score: 6.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

FUJIFILM Business Inovation Corp.

DocuPrint P450 d

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint P450 JM

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint P450 ps

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint P455 d

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint M455 df

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint C2255

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint C2450

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint C2450 II

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint C3200A

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint C3350

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint C3360

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint C3450 d

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint C3450 d II

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint 4050

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint 4060

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuPrint 5060

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuCentre-IV C2260

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuCentre-IV C2270

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuCentre-IV C3370

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuCentre-IV C4470

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuCentre-IV C5570

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

ApeosPort-IV C2270

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

ApeosPort-IV C3370

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

ApeosPort-IV C4470

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

ApeosPort-IV C5570

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

ApeosPort-IV C2270 R

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

ApeosPort-IV C3370 R

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

ApeosPort-IV C4470 R

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

ApeosPort-IV C5570 R

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

ApeosWide 6050/3030

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuWide 6057/3037

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuWide 6055

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuWide 3035

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuWide C842

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuWide 2055

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuWide 9098α

affected

Version	Status	Constraints
`all versions`	affected	—

FUJIFILM Business Inovation Corp.

DocuWide 9095α

affected

Version	Status	Constraints
`all versions`	affected	—

No data.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00239.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://jvn.jp/en/jp/JVN34328023/
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html

History

Thu, 31 Oct 2024 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-352
Metrics		cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-03-18T07:59:37.720Z

Updated: 2024-10-31T17:23:55.536Z

Reserved: 2024-02-28T23:42:20.075Z

Link: CVE-2024-27974

Vulnrichment

Updated: 2024-08-02T00:41:55.916Z

NVD

Status : Deferred

Published: 2024-03-18T08:15:06.287

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-27974

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27974", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-02-28T23:42:20.075Z", "datePublished": "2024-03-18T07:59:37.720Z", "dateUpdated": "2024-10-31T17:23:55.536Z"}, "containers": {"cna": {"affected": [{"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint P450 d", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint P450 JM", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint P450 ps", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint P455 d", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint M455 df", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C2255", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C2450", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C2450 II", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C3200A", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C3350", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C3360", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C3450 d", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C3450 d II", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint 4050", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint 4060", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint 5060", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuCentre-IV C2260", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuCentre-IV C2270", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuCentre-IV C3370", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuCentre-IV C4470", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuCentre-IV C5570", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C2270", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C3370", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C4470", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C5570", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C2270 R", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C3370 R", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C4470 R", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C5570 R", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosWide 6050/3030", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 6057/3037", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 6055", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 3035", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide C842", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 2055", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 9098\u03b1", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 9095\u03b1", "versions": [{"version": "all versions", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]."}], "problemTypes": [{"descriptions": [{"description": "Cross-site request forgery (CSRF)", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html"}, {"url": "https://jvn.jp/en/jp/JVN34328023/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-03-18T07:59:37.720Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-352", "lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-18T15:41:24.178975Z", "id": "CVE-2024-27974", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-31T17:23:55.536Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:41:55.916Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN34328023/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN34328023/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:41:55.916Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27974", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-18T15:41:24.178975Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:18.383Z"}}], "cna": {"affected": [{"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint P450 d", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint P450 JM", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint P450 ps", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint P455 d", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint M455 df", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C2255", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C2450", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C2450 II", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C3200A", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C3350", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C3360", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C3450 d", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint C3450 d II", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint 4050", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint 4060", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuPrint 5060", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuCentre-IV C2260", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuCentre-IV C2270", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuCentre-IV C3370", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuCentre-IV C4470", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuCentre-IV C5570", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C2270", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C3370", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C4470", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C5570", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C2270 R", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C3370 R", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C4470 R", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosPort-IV C5570 R", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "ApeosWide 6050/3030", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 6057/3037", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 6055", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 3035", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide C842", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 2055", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 9098\u03b1", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "FUJIFILM Business Inovation Corp.", "product": "DocuWide 9095\u03b1", "versions": [{"status": "affected", "version": "all versions"}]}], "references": [{"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html"}, {"url": "https://jvn.jp/en/jp/JVN34328023/"}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Cross-site request forgery (CSRF)"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-03-18T07:59:37.720Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27974", "state": "PUBLISHED", "dateUpdated": "2024-10-31T17:23:55.536Z", "dateReserved": "2024-02-28T23:42:20.075Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-03-18T07:59:37.720Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery en impresoras FUJIFILM que implementan CentreWare Internet Services o Internet Services permite que un atacante remoto no autenticado altere la informaci\u00f3n del usuario. En el caso de que el usuario sea administrador, se podr\u00e1n alterar configuraciones como ID de administrador, contrase\u00f1a, etc. En cuanto a los detalles de los nombres de los productos, n\u00fameros de modelo y versiones afectados, consulte la informaci\u00f3n proporcionada por el proveedor que figura en [Referencias]."}], "id": "CVE-2024-27974", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-18T08:15:06.287", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN34328023/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://jvn.jp/en/jp/JVN34328023/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}