Description

Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability.
Unintended internal files may be retrieved when processing crafted HTTP requests.

Classification

CVE ID: CVE-2024-45842

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

Affected Products

Vendor: Sharp Corporation

Product: Sharp Digital Full-color MFPs and Monochrome MFPs

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 23.25% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://jvn.jp/en/vu/JVNVU95063136/
https://global.sharp/products/copier/info/info_security_2024-10.html
https://www.toshibatec.com/information/20241025_01.html

Timeline