CVE-2024-33605
Published: 26 November 2024
Summary
CVE-2024-33605 is a high-severity Path Traversal (CWE-22) vulnerability affecting specific Sharp and Toshiba multifunction printer and copier models. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 1.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-33605 is a path traversal vulnerability (CWE-22) caused by improper handling of parameters in the installed_emanual_list.html component. It affects specific Sharp and Toshiba multifunction printer and copier models, with full details on impacted product names, versions, and firmware available in the vendors' security notices.
An unauthenticated attacker can exploit the flaw remotely over the network without user interaction or credentials. Successful exploitation grants read access to arbitrary files on the device, consistent with the CVSS 7.5 rating that reflects high confidentiality impact and no integrity or availability effects.
Vendor advisories published by Sharp, Toshiba, and JVN, along with independent analysis, list the affected devices and direct administrators to apply the corresponding firmware updates or configuration changes referenced in those notices. The EPSS score stands at 0.60 with no subsequent increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-34576
Vulnerability details
Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Validates pathnames and filenames to prevent traversal outside intended directories.