fkie_cve-2024-51984
Vulnerability from fkie_nvd
Published
2025-06-25 08:15
Modified
2025-06-26 18:58
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the existing credentials for that external service. In the case of an external LDAP or FTP service, this will disclose the plaintext password for that external service to the attacker.
References
cve@rapid7.comhttps://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
cve@rapid7.comhttps://github.com/sfewer-r7/BrotherVulnerabilities
cve@rapid7.comhttps://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000
cve@rapid7.comhttps://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000
cve@rapid7.comhttps://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000
cve@rapid7.comhttps://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html
cve@rapid7.comhttps://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf
cve@rapid7.comhttps://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed
cve@rapid7.comhttps://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007
cve@rapid7.comhttps://www.toshibatec.com/information/20250625_02.html
134c704f-9b21-4f2e-91b3-4a467353bcc0https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the existing credentials for that external service. In the case of an external LDAP or FTP service, this will disclose the plaintext password for that external service to the attacker."
    },
    {
      "lang": "es",
      "value": "Un atacante autenticado puede reconfigurar el dispositivo objetivo para que use un servicio externo (como LDAP o FTP) controlado por \u00e9l. Si existe una contrase\u00f1a para un servicio externo, el atacante puede forzar al dispositivo objetivo a autenticarse en un dispositivo controlado por \u00e9l utilizando las credenciales existentes para ese servicio externo. En el caso de un servicio LDAP o FTP externo, esto revelar\u00e1 la contrase\u00f1a en texto plano de ese servicio externo al atacante."
    }
  ],
  "id": "CVE-2024-51984",
  "lastModified": "2025-06-26T18:58:14.280",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-25T08:15:33.220",
  "references": [
    {
      "source": "cve@rapid7.com",
      "url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://github.com/sfewer-r7/BrotherVulnerabilities"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faq00100846_000"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faq00100848_000"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faqp00100620_000"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007"
    },
    {
      "source": "cve@rapid7.com",
      "url": "https://www.toshibatec.com/information/20250625_02.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.