CVE-2024-27171

Summary

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL.

Affected Software

VendorProductVersion RangeStatus
Toshiba Tec CorporationToshiba Tec e-Studio multi-function peripheral (MFP)see the reference URLaffected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References