CVE-2024-28955 is a vulnerability identified in multiple Sharp Corporation multifunction printers (MFPs) where the devices generate coredump files upon system crashes. These coredump files, which contain snapshots of the device's memory at the time of failure, are stored with world-readable permissions. This incorrect permission assignment means that any local user with access to the device can read these files and potentially extract sensitive information from the memory contents, such as credentials, configuration data, or other confidential information. The vulnerability does not require prior authentication or user interaction but does require local access to the device, which limits remote exploitation. The CVSS v3.1 base score is 5.9, indicating medium severity, with the vector indicating network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), no integrity impact (I:N), and no availability impact (A:N). No known exploits are currently reported in the wild, and no specific patches or mitigation links were provided in the source data. The affected versions and models are detailed by Sharp Corporation in their advisories. This vulnerability primarily threatens confidentiality by exposing sensitive memory data to unauthorized local users on the device.

For European organizations, the primary impact of CVE-2024-28955 is the potential exposure of sensitive information stored in the memory of Sharp MFP devices. This could include user credentials, network configuration details, or other confidential data that might be leveraged for further attacks or data breaches. Organizations with shared or public access to these devices, such as in office environments, government agencies, or critical infrastructure sectors, face increased risk if local access controls are weak. The vulnerability does not directly affect device integrity or availability but could facilitate lateral movement or privilege escalation if attackers extract sensitive credentials. Given the medium CVSS score and the requirement for local access, the threat is moderate but significant in environments where physical or local network access to MFPs is not tightly controlled. The lack of known exploits reduces immediate risk but does not eliminate the need for proactive mitigation.

European organizations should implement strict physical and logical access controls to restrict local access to Sharp MFP devices. This includes securing device locations, enforcing user authentication for device access, and monitoring device usage logs for unauthorized access attempts. Network segmentation should isolate MFPs from sensitive network segments to limit potential lateral movement. Organizations should consult Sharp Corporation's official advisories for specific affected models and apply any available firmware updates or patches promptly once released. Additionally, disabling or restricting the generation of coredump files, if configurable, can reduce exposure. Regular security audits and vulnerability assessments of MFPs should be conducted to detect misconfigurations. Employing endpoint detection and response (EDR) solutions to monitor unusual activity on devices may also help detect exploitation attempts. Finally, educating staff about the risks of local device access and enforcing policies to prevent unauthorized use are critical.