{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29146", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-05-22T09:00:07.612Z", "datePublished": "2024-11-26T07:37:20.253Z", "dateUpdated": "2024-11-26T14:09:24.767Z"}, "containers": {"cna": {"affected": [{"vendor": "Sharp Corporation", "product": "Multiple MFPs (multifunction printers)", "versions": [{"version": "See the information provided by Sharp Corporation listed under [References]", "status": "affected"}]}, {"vendor": "Toshiba Tec Corporation", "product": "Multiple MFPs (multifunction printers)", "versions": [{"version": "See the information provided by Toshiba Tec Corporation listed under [References]", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."}], "problemTypes": [{"descriptions": [{"description": "Cleartext storage of sensitive information", "lang": "en-US", "cweId": "CWE-312", "type": "CWE"}]}], "references": [{"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"}, {"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"}, {"url": "https://www.toshibatec.com/information/20240531_02.html"}, {"url": "https://www.toshibatec.co.jp/information/20240531_02.html"}, {"url": "https://jvn.jp/en/vu/JVNVU93051062/"}, {"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-11-26T07:37:20.253Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29146", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-26T14:03:29.416641Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T14:09:24.767Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29146", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-26T14:03:29.416641Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T14:03:31.747Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Sharp Corporation", "product": "Multiple MFPs (multifunction printers)", "versions": [{"status": "affected", "version": "See the information provided by Sharp Corporation listed under [References]"}]}, {"vendor": "Toshiba Tec Corporation", "product": "Multiple MFPs (multifunction printers)", "versions": [{"status": "affected", "version": "See the information provided by Toshiba Tec Corporation listed under [References]"}]}], "references": [{"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"}, {"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"}, {"url": "https://www.toshibatec.com/information/20240531_02.html"}, {"url": "https://www.toshibatec.co.jp/information/20240531_02.html"}, {"url": "https://jvn.jp/en/vu/JVNVU93051062/"}, {"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"}], "descriptions": [{"lang": "en", "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-312", "description": "Cleartext storage of sensitive information"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-11-26T07:37:20.253Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29146", "state": "PUBLISHED", "dateUpdated": "2024-11-26T14:09:24.767Z", "dateReserved": "2024-05-22T09:00:07.612Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-11-26T07:37:20.253Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."}], "id": "CVE-2024-29146", "lastModified": "2024-11-26T08:15:05.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2024-11-26T08:15:05.203", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU93051062/"}, {"source": "vultures@jpcert.or.jp", "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.toshibatec.co.jp/information/20240531_02.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.toshibatec.com/information/20240531_02.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}