CVE-2024-47295

Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://epson.com/Support/wa00958
https://jvn.jp/en/vu/JVNVU95133448/
https://www.epson.jp/support/misc_t/240930_03_oshirase.htm

Configurations

No configuration.

History

11 Nov 2024, 08:15

Type	Values Removed	Values Added
References		() https://epson.com/Support/wa00958 -

01 Oct 2024, 14:35

Type	Values Removed	Values Added
Summary		(es) Un problema de configuración de contraseña inicial insegura en SEIKO EPSON Web Config permite que un atacante remoto no autenticado establezca una contraseña arbitraria y opere el dispositivo con privilegios administrativos. Para conocer los detalles de las versiones afectadas, consulte la información proporcionada por el proveedor en [Referencias].

01 Oct 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-01 04:15

Updated : 2024-11-11 08:15

NVD link : CVE-2024-47295

Mitre link : CVE-2024-47295

CVE.ORG link : CVE-2024-47295

JSON object : View

Products Affected

No product.

CWE

CWE-1188

Insecure Default Initialization of Resource

{"id": "CVE-2024-47295", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2024-10-01T04:15:18.040", "references": [{"url": "https://epson.com/Support/wa00958", "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/vu/JVNVU95133448/", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.epson.jp/support/misc_t/240930_03_oshirase.htm", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References]."}, {"lang": "es", "value": "Un problema de configuraci\u00f3n de contrase\u00f1a inicial insegura en SEIKO EPSON Web Config permite que un atacante remoto no autenticado establezca una contrase\u00f1a arbitraria y opere el dispositivo con privilegios administrativos. Para conocer los detalles de las versiones afectadas, consulte la informaci\u00f3n proporcionada por el proveedor en [Referencias]."}], "lastModified": "2024-11-11T08:15:09.423", "sourceIdentifier": "vultures@jpcert.or.jp"}