Detections
Analytics

Konica Bizhub Multifunction Printers Server-Side Request Forgery (CVE-2024-51981)

medium Tenable OT Security Plugin ID 505036

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker can not receive any data back from this connection.

Solution

Refer to the vendor advisory.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2024-51981

https://www.cve.org/CVERecord?id=CVE-2024-51981

http://www.nessus.org/u?6c7d4950

Plugin Details

Severity: Medium

ID: 505036

File Name: tenable_ot_konica_CVE-2024-51981.nasl

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 1/21/2026

Updated: 2/4/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:konicaminolta:bizhub_5000i_firmware, cpe:/o:konicaminolta:bizhub_3000mf_firmware, cpe:/o:konicaminolta:bizhub_4020i_firmware, cpe:/o:konicaminolta:bizhub_3080mf_firmware, cpe:/o:konicaminolta:bizhub_5020i_firmware, cpe:/o:konicaminolta:bizhub_4000i_firmware

Required KB Items: Tenable.ot/Konica

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/25/2025

Reference Information

CVE: CVE-2024-51981

CWE: 918, 93