CVE-2024-27166

Summary

Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.

Affected Software

VendorProductVersion RangeStatus
Toshiba Tec CorporationToshiba Tec e-Studio multi-function peripheral (MFP)see the reference URLaffected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions
  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information
  • CWE-256: CWE-256 Plaintext Storage of a Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References