Lucene search
Ecc0f906-8666-484c-bcf8-c3b7520a72f0NVD:CVE-2024-27156HistoryJun 14, 2024 - 4:15 a.m.
CVE-2024-27156
2024-06-1404:15:18
CWE-532
ecc0f906-8666-484c-bcf8-c3b7520a72f0
web.nvd.nist.gov
3
authentication
session cookies
clear-text logs
remote attacker
credentials
bypass
reference url
CVSS3
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS
0
Percentile
15.5%
The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.
Related
cve
cve
CVE-2024-27156
2024-06-14 04:15:18
vulnrichment
vulnrichment
CVE-2024-27156 Leak of authentication sessions in secure logs
2024-06-14 03:20:49
cvelist
cvelist
CVE-2024-27156 Leak of authentication sessions in secure logs
2024-06-14 03:20:49
packetstorm
packetstorm
Toshiba Multi-Function Printers 40 Vulnerabilities
2024-07-04 00:00:00
openvas
openvas
Toshiba Printers Multiple Vulnerabilities (May 2024)
2024-07-08 00:00:00
CVSS3
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS
0
Percentile
15.5%
Related for NVD:CVE-2024-27156