Cross-site request forgery in FUJIFILM Business Innovation products - CVE-2024-27974

 


Published: March 6, 2024


Vulnerability identifier: #VU87139
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-27974
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
DocuPrint P455 d
DocuPrint M455 df
DocuPrint C2255
DocuCentre-IV C2260
DocuCentre-IV C2270
DocuCentre-IV C3370
DocuCentre-IV C4470
DocuCentre-IV C5570
ApeosPort-IV C2270
ApeosPort-IV C3370
ApeosPort-IV C4470
ApeosPort-IV C5570
ApeosPort-IV C2270 R
ApeosPort-IV C3370 R
ApeosPort-IV C4470 R
ApeosPort-IV C5570 R
ApeosWide 6050/3030
DocuWide 6057/3037
DocuWide 6055
DocuWide 3035
Software vendor:
FUJIFILM Business Innovation

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in CentreWare Internet Services and Internet Services. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links