Lucene search

ToshibaCVELIST:CVE-2024-27155

HistoryJun 14, 2024 - 3:18 a.m.

CVE-2024-27155 Local Privilege Escalation and Remote Code Execution using insecure permissions

2024-06-1403:18:25

CWE-276

Toshiba

www.cve.org

toshiba printers

vulnerability

local privilege escalation

remote code execution

insecure permissions

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

15.5%

JSON

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
    "vendor": "Toshiba Tec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "see the reference URL"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/Jul/1

jvn.jp/en/vu/JVNVU97136265/index.html

www.toshibatec.com/information/20240531_01.html

www.toshibatec.com/information/pdf/information20240531_01.pdf

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

15.5%

JSON

Related for CVELIST:CVE-2024-27155