CVE-2024-27146

Summary

The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL.

Affected Software

VendorProductVersion RangeStatus
Toshiba Tec CorporationToshiba Tec e-Studio multi-function peripheral (MFP)see the reference URLaffected

Weaknesses

  • CWE-250: CWE-250: "Execution with Unnecessary Privileges"

Workarounds

When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References