TROYANOSYVIRUS
Volver a CVEs

CVE-2024-51980

MEDIUM
5.3

Descripcion

An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The attacker can not control the data sent in the SSRF connection, nor can the attacker receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP TCP port 80) is exposed across a network segment.

Detalles CVE

Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado6/25/2025
Ultima modificacion6/26/2025
Fuentenvd
Avistamientos honeypot0

Debilidades (CWE)

CWE-918

Referencias

https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf(cve@rapid7.com)
https://github.com/sfewer-r7/BrotherVulnerabilities(cve@rapid7.com)
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100846_000(cve@rapid7.com)
https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faq00100848_000(cve@rapid7.com)
https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faqp00100620_000(cve@rapid7.com)
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html(cve@rapid7.com)
https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf(cve@rapid7.com)
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed(cve@rapid7.com)
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007(cve@rapid7.com)
https://www.toshibatec.com/information/20250625_02.html(cve@rapid7.com)
https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.