CVE-2024-47295

Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://epson.com/Support/wa00958
https://jvn.jp/en/vu/JVNVU95133448/
https://www.epson.jp/support/misc_t/240930_03_oshirase.htm

Configurations

No configuration.

History

No history.

Information

Published : 2024-10-01 04:15

Updated : 2024-11-11 08:15

NVD link : CVE-2024-47295

Mitre link : CVE-2024-47295

CVE.ORG link : CVE-2024-47295

JSON object : View

Products Affected

No product.

CWE

CWE-1188

Initialization of a Resource with an Insecure Default

{"id": "CVE-2024-47295", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2024-10-01T04:15:18.040", "references": [{"url": "https://epson.com/Support/wa00958", "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/vu/JVNVU95133448/", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.epson.jp/support/misc_t/240930_03_oshirase.htm", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References]."}, {"lang": "es", "value": "Un problema de configuraci\u00f3n de contrase\u00f1a inicial insegura en SEIKO EPSON Web Config permite que un atacante remoto no autenticado establezca una contrase\u00f1a arbitraria y opere el dispositivo con privilegios administrativos. Para conocer los detalles de las versiones afectadas, consulte la informaci\u00f3n proporcionada por el proveedor en [Referencias]."}], "lastModified": "2024-11-11T08:15:09.423", "sourceIdentifier": "vultures@jpcert.or.jp"}