From 88da24bf09a5531dc953227e6ed8646f915be068 Mon Sep 17 00:00:00 2001
From: GwanYeong Kim
Date: Sun, 30 Jun 2024 14:39:15 +0900
Subject: [PATCH] Create CVE-2024-33605.yaml

It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file.

Signed-off-by: GwanYeong Kim
---
 http/cves/2024/CVE-2024-33605.yaml | 46 ++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 http/cves/2024/CVE-2024-33605.yaml

diff --git a/http/cves/2024/CVE-2024-33605.yaml b/http/cves/2024/CVE-2024-33605.yaml
new file mode 100644
index 0000000000..0993a6271f
--- /dev/null
+++ b/http/cves/2024/CVE-2024-33605.yaml
@@ -0,0 +1,46 @@
+id: CVE-2024-33605
+
+info:
+  name: Sharp Multifunction Printers - Arbitrary Directory Listing without authentication
+  author: gy741
+  severity: high
+  description: |
+    It was observed that Sharp printers are vulnerable to an arbitrary directory listing without authentication. Any attacker can list any directory located in the printer and recover any file.
+  remediation: Apply all relevant security patches and product upgrades.
+  reference:
+    - https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html#pre-auth-arbitrary-directory-listing
+    - https://jvn.jp/en/vu/JVNVU93051062/index.html
+    - https://global.sharp/products/copier/info/info_security_2024-05.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2024-33605
+    cwe-id: CWE-22
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: "Set-Cookie: MFPSESSIONID="
+  tags: cve,cve2024,sharp,printer,traversal
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/installed_emanual_list.html"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'ServiceEmanualList'
+          - '/installed_emanual_down.html'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "Set-Cookie: MFPSESSIONID="
+
+      - type: status
+        status:
+          - 200
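Review bot: The header word matcher on `- "Set-Cookie: MFPSESSIONID="` is case-sensitive, so a device or intermediary that emits the header name in another casing (HTTP/2 lowercases header names to `set-cookie`) would make the `and` matchers-condition fail and the exposure would go unreported; adding `case-insensitive: true` to that matcher, or matching on the cookie name `MFPSESSIONID=` alone, closes that false-negative path. The same string serves as the `shodan-query`, which is appropriate for banner search but does not relax the matcher. The single GET only confirms that the listing page is served with status 200 and no authentication, which keeps the check non-intrusive; the `traversal` tag does not describe that request, so a tag naming unauthenticated exposure would classify the template more accurately while the CWE-22 id stays as the CVE record gives it.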