Lucene search
Ecc0f906-8666-484c-bcf8-c3b7520a72f0NVD:CVE-2024-27168HistoryJun 14, 2024 - 4:15 a.m.
CVE-2024-27168
2024-06-1404:15:34
CWE-798
ecc0f906-8666-484c-bcf8-c3b7520a72f0
web.nvd.nist.gov
7
hardcoded keys
internal api
authentication bypass
administrative interfaces
reference url
affected products
CVSS3
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
0
Percentile
15.5%
It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.
Related
cvelist
cvelist
CVE-2024-27168 Hardcoded keys used to generate authentication cookies
2024-06-14 03:53:58
cve
cve
CVE-2024-27168
2024-06-14 04:15:34
vulnrichment
vulnrichment
CVE-2024-27168 Hardcoded keys used to generate authentication cookies
2024-06-14 03:53:58
openvas
openvas
Toshiba Printers Multiple Vulnerabilities (May 2024)
2024-07-08 00:00:00
packetstorm
packetstorm
Toshiba Multi-Function Printers 40 Vulnerabilities
2024-07-04 00:00:00
CVSS3
7.1
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
0
Percentile
15.5%
Related for NVD:CVE-2024-27168