CVE-2024-34162

{"id": "CVE-2024-34162", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-11-26T08:15:06.123", "references": [{"url": "https://global.sharp/products/copier/info/info_security_2024-05.html", "source": "[email protected]"}, {"url": "https://jp.sharp/business/print/information/info_security_2024-05.html", "source": "[email protected]"}, {"url": "https://jvn.jp/en/vu/JVNVU93051062/", "source": "[email protected]"}, {"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html", "source": "[email protected]"}, {"url": "https://www.toshibatec.co.jp/information/20240531_02.html", "source": "[email protected]"}, {"url": "https://www.toshibatec.com/information/20240531_02.html", "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/0", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-767"}]}], "descriptions": [{"lang": "en", "value": "The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to \"SIMPLE\", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."}, {"lang": "es", "value": "La interfaz web de los dispositivos afectados est\u00e1 dise\u00f1ada para ocultar las credenciales LDAP incluso para los usuarios administrativos. Pero al configurar la autenticaci\u00f3n LDAP en \"SIMPLE\", el dispositivo se comunica con el servidor LDAP en texto sin formato. La contrase\u00f1a LDAP se puede recuperar a partir de esta comunicaci\u00f3n en texto sin formato. En cuanto a los detalles de los nombres de los productos afectados, los n\u00fameros de modelo y las versiones, consulte la informaci\u00f3n proporcionada por los respectivos proveedores que se enumeran en [Referencias]."}], "lastModified": "2025-11-04T18:16:21.263", "sourceIdentifier": "[email protected]"}