CVE-2024-27174
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Toshiba Tec Corporation | Toshiba Tec e-Studio multi-function peripheral (MFP) | see the reference URL | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Workarounds
When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
CVE Program Container
Additional References
- https://www.toshibatec.com/information/20240531_01.html
- https://www.toshibatec.com/information/pdf/information20240531_01.pdf
- https://jvn.jp/en/vu/JVNVU97136265/index.html
- http://seclists.org/fulldisclosure/2024/Jul/1
References
- https://www.toshibatec.com/information/20240531_01.html
- https://www.toshibatec.com/information/pdf/information20240531_01.pdf
- https://jvn.jp/en/vu/JVNVU97136265/index.html
- http://seclists.org/fulldisclosure/2024/Jul/1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.