Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310170791HistoryJul 08, 2024 - 12:00 a.m.
Toshiba Printers Multiple Vulnerabilities (May 2024)
2024-07-0800:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
32
toshiba printers
multiple vulnerabilities
may 2024
cve-2024-3496
authentication bypass
xee
unnecessary privileges
default permissions
path traversal
sensitive information
plaintext storage
default credentials
hard-coded credentials
hard-coded password
xss
cleartext transmission
least privilege violation
missing authentication
os command injection
toctou race condition
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.4
Confidence
Low
Multiple Toshiba printers are prone to multiple
vulnerabilities.
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.170791");
script_version("2024-07-10T05:05:27+0000");
script_tag(name:"last_modification", value:"2024-07-10 05:05:27 +0000 (Wed, 10 Jul 2024)");
script_tag(name:"creation_date", value:"2024-07-08 20:41:07 +0000 (Mon, 08 Jul 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:C/A:N");
script_cve_id("CVE-2024-3496", "CVE-2024-3498", "CVE-2024-27141", "CVE-2024-27142",
"CVE-2024-27143", "CVE-2024-27144", "CVE-2024-27145", "CVE-2024-27146",
"CVE-2024-27147", "CVE-2024-27148", "CVE-2024-27149", "CVE-2024-27150",
"CVE-2024-27151", "CVE-2024-27152", "CVE-2024-27153", "CVE-2024-27154",
"CVE-2024-27155", "CVE-2024-27156", "CVE-2024-27157", "CVE-2024-27158",
"CVE-2024-27159", "CVE-2024-27160", "CVE-2024-27161", "CVE-2024-27162",
"CVE-2024-27163", "CVE-2024-27164", "CVE-2024-27165", "CVE-2024-27166",
"CVE-2024-27167", "CVE-2024-27168", "CVE-2024-27169", "CVE-2024-27170",
"CVE-2024-27171", "CVE-2024-27172", "CVE-2024-27173", "CVE-2024-27174",
"CVE-2024-27175", "CVE-2024-27176", "CVE-2024-27177", "CVE-2024-27178",
"CVE-2024-27179", "CVE-2024-27180");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Toshiba Printers Multiple Vulnerabilities (May 2024)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("General");
script_dependencies("gb_toshiba_printer_consolidation.nasl");
script_mandatory_keys("toshiba/printer/detected");
script_tag(name:"summary", value:"Multiple Toshiba printers are prone to multiple
vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable firmware version is present on the target
host.");
script_tag(name:"insight", value:"The following flaws exist:
- CVE-2024-27141, CVE-2024-27142: XML entity expansion (XEE)
- CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498: Execution with unnecessary
privileges
- CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153,
CVE-2024-27155, CVE-2024-27167, CVE-2024-27171: Incorrect default permissions
- CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177,
CVE-2024-27178: Path traversal
- CVE-2024-27154, CVE-2024-27156, CVE-2024-27157: Insertion of sensitive information into log file
- CVE-2024-27166: Plaintext storage of a password
- CVE-2024-27179: Debug messages revealing unnecessary information
- CVE-2024-27158: Use of default credentials
- CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170: Use of
hard-coded credentials
- CVE-2024-27164: Use of hard-coded password
- CVE-2024-27162: cross-site scripting (XSS)
- CVE-2024-27163: Cleartext transmission of sensitive information
- CVE-2024-27165: Least privilege violation
- CVE-2024-27169: Missing authentication for critical function
- CVE-2024-27172: OS command injection
- CVE-2024-27175: External control of file name or path
- CVE-2024-27180: Time-of-check time-of-use (TOCTOU) race condition
- CVE-2024-3496: Authentication bypass using an alternate path or channel");
script_tag(name:"solution", value:"Update to fixed version and apply the mitigation steps where
the case. See the referenced vendor advisory for further details.");
script_xref(name:"URL", value:"https://www.toshibatec.com/information/20240531_01.html");
script_xref(name:"URL", value:"https://jvn.jp/en//vu/JVNVU97136265/");
script_xref(name:"URL", value:"https://jvn.jp/en/vu/JVNVU97136265/480298/index.html");
script_xref(name:"URL", value:"https://pierrekim.github.io/advisories/2024-toshiba-mfp.txt");
script_xref(name:"URL", value:"https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
cpe_list = make_list("cpe:/o:toshibatec:e-studio2020ac_firmware",
"cpe:/o:toshibatec:e-studio2520ac_firmware",
"cpe:/o:toshibatec:e-studio2021ac_firmware",
"cpe:/o:toshibatec:e-studio2521ac_firmware",
"cpe:/o:toshibatec:e-studio2025nc_firmware",
"cpe:/o:toshibatec:e-studio2525ac_firmware",
"cpe:/o:toshibatec:e-studio3025ac_firmware",
"cpe:/o:toshibatec:e-studio3525ac_firmware",
"cpe:/o:toshibatec:e-studio3525acg_firmware",
"cpe:/o:toshibatec:e-studio4525ac_firmware",
"cpe:/o:toshibatec:e-studio4525acg_firmware",
"cpe:/o:toshibatec:e-studio5525ac_firmware",
"cpe:/o:toshibatec:e-studio5525acg_firmware",
"cpe:/o:toshibatec:e-studio6525ac_firmware",
"cpe:/o:toshibatec:e-studio6525acg_firmware",
"cpe:/o:toshibatec:e-studio2528a_firmware",
"cpe:/o:toshibatec:e-studio3028a_firmware",
"cpe:/o:toshibatec:e-studio3528ag_firmware",
"cpe:/o:toshibatec:e-studio4528a_firmware",
"cpe:/o:toshibatec:e-studio4528ag_firmware",
"cpe:/o:toshibatec:e-studio5528a_firmware",
"cpe:/o:toshibatec:e-studio6528a_firmware",
"cpe:/o:toshibatec:e-studio6526ac_firmware",
"cpe:/o:toshibatec:e-studio6527ac_firmware",
"cpe:/o:toshibatec:e-studio7527ac_firmware",
"cpe:/o:toshibatec:e-studio6529a_firmware",
"cpe:/o:toshibatec:e-studio7529a_firmware",
"cpe:/o:toshibatec:e-studio9029a_firmware",
"cpe:/o:toshibatec:e-studio330ac_firmware",
"cpe:/o:toshibatec:e-studio400ac_firmware",
"cpe:/o:toshibatec:e-studio2010ac_firmware",
"cpe:/o:toshibatec:e-studio2110ac_firmware",
"cpe:/o:toshibatec:e-studio2510ac_firmware",
"cpe:/o:toshibatec:e-studio2610ac_firmware",
"cpe:/o:toshibatec:e-studio2015nc_firmware",
"cpe:/o:toshibatec:e-studio2515ac_firmware",
"cpe:/o:toshibatec:e-studio2615ac_firmware",
"cpe:/o:toshibatec:e-studio3015ac_firmware",
"cpe:/o:toshibatec:e-studio3115ac_firmware",
"cpe:/o:toshibatec:e-studio3515ac_firmware",
"cpe:/o:toshibatec:e-studio3615ac_firmware",
"cpe:/o:toshibatec:e-studio4515ac_firmware",
"cpe:/o:toshibatec:e-studio4615ac_firmware",
"cpe:/o:toshibatec:e-studio5015ac_firmware",
"cpe:/o:toshibatec:e-studio5115ac_firmware",
"cpe:/o:toshibatec:e-studio2018a_firmware",
"cpe:/o:toshibatec:e-studio2518a_firmware",
"cpe:/o:toshibatec:e-studio2618a_firmware",
"cpe:/o:toshibatec:e-studio3018ag_firmware",
"cpe:/o:toshibatec:e-studio3618a_firmware",
"cpe:/o:toshibatec:e-studio3518ag_firmware",
"cpe:/o:toshibatec:e-studio3618ag_firmware",
"cpe:/o:toshibatec:e-studio4518a_firmware",
"cpe:/o:toshibatec:e-studio4618a_firmware",
"cpe:/o:toshibatec:e-studio4518ag_firmware",
"cpe:/o:toshibatec:e-studio4618ag_firmware",
"cpe:/o:toshibatec:e-studio5018a_firmware",
"cpe:/o:toshibatec:e-studio5118a_firmware",
"cpe:/o:toshibatec:e-studio5516ac_firmware",
"cpe:/o:toshibatec:e-studio5616ac_firmware",
"cpe:/o:toshibatec:e-studio6516ac_firmware",
"cpe:/o:toshibatec:e-studio6616ac_firmware",
"cpe:/o:toshibatec:e-studio7516ac_firmware",
"cpe:/o:toshibatec:e-studio7616ac_firmware",
"cpe:/o:toshibatec:e-studio5518a_firmware",
"cpe:/o:toshibatec:e-studio5618a_firmware",
"cpe:/o:toshibatec:e-studio6518a_firmware",
"cpe:/o:toshibatec:e-studio6618a_firmware",
"cpe:/o:toshibatec:e-studio7518a_firmware",
"cpe:/o:toshibatec:e-studio7618a_firmware",
"cpe:/o:toshibatec:e-studio8518a_firmware",
"cpe:/o:toshibatec:e-studio8618a_firmware",
"cpe:/o:toshibatec:e-studio2000ac_firmware",
"cpe:/o:toshibatec:e-studio2500ac_firmware",
"cpe:/o:toshibatec:e-studio2005nc_firmware",
"cpe:/o:toshibatec:e-studio2505ac_firmware",
"cpe:/o:toshibatec:e-studio3005ac_firmware",
"cpe:/o:toshibatec:e-studio3505ac_firmware",
"cpe:/o:toshibatec:e-studio4505ac_firmware",
"cpe:/o:toshibatec:e-studio5005ac_firmware",
"cpe:/o:toshibatec:e-studio2008a_firmware",
"cpe:/o:toshibatec:e-studio2508a_firmware",
"cpe:/o:toshibatec:e-studio3008a_firmware",
"cpe:/o:toshibatec:e-studio3008ag_firmware",
"cpe:/o:toshibatec:e-studio3508a_firmware",
"cpe:/o:toshibatec:e-studio3508ag_firmware",
"cpe:/o:toshibatec:e-studio4508a_firmware",
"cpe:/o:toshibatec:e-studio4508ag_firmware",
"cpe:/o:toshibatec:e-studio5008a_firmware",
"cpe:/o:toshibatec:e-studio5506ac_firmware",
"cpe:/o:toshibatec:e-studio6506ac_firmware",
"cpe:/o:toshibatec:e-studio7506ac_firmware",
"cpe:/o:toshibatec:e-studio5508a_firmware",
"cpe:/o:toshibatec:e-studio6508a_firmware",
"cpe:/o:toshibatec:e-studio7508a_firmware",
"cpe:/o:toshibatec:e-studio8508a_firmware",
"cpe:/o:toshibatec:e-studio3508lp_firmware",
"cpe:/o:toshibatec:e-studio4508lp_firmware",
"cpe:/o:toshibatec:e-studio5508lp_firmware",
"cpe:/o:toshibatec:e-studiolp35_firmware",
"cpe:/o:toshibatec:e-studiolp45_firmware",
"cpe:/o:toshibatec:e-studiolp50_firmware");
if (!infos = get_app_version_from_list(cpe_list: cpe_list, nofork: TRUE))
exit(0);
version = infos["version"];
cpe = infos["cpe"];
if (cpe =~ "^cpe:/o:toshibatec:e-studio2[05]2[01]ac_firmware" ||
cpe == "cpe:/o:toshibatec:e-studio2025nc_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio(25|30)25ac_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio[3456]525(ac|acg)_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio(25|30|45|55|65)28a_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio[34]528ag_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio652[67]ac_firmware" ||
cpe == "cpe:/o:toshibatec:e-studio7527ac_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio(65|75|90)29a_firmware") {
if (version_is_less(version: version, test_version: "TS20SD0W1814")) {
report = report_fixed_ver(installed_version: version, fixed_version: "TS20SD0W1814");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studio(33|40)0ac_firmware") {
if (version_is_less(version: version, test_version: "TP01HD0W2100")) {
report = report_fixed_ver(installed_version: version, fixed_version: "TP01HD0W2100");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studio2[0156]10ac_firmware") {
if (version_is_less(version: version, test_version: "TB01HD0W2100")) {
report = report_fixed_ver(installed_version: version, fixed_version: "TB01HD0W2100");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe == "cpe:/o:toshibatec:e-studio2015nc_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio[234][56]15ac_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio[35][01]15ac_firmware") {
if (version_is_less(version: version, test_version: "TC01HD0W2100")) {
report = report_fixed_ver(installed_version: version, fixed_version: "TC01HD0W2100");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studio2[056]18a_firmware" ||
cpe == "cpe:/o:toshibatec:e-studio3018ag_firmware" ||
cpe == "cpe:/o:toshibatec:e-studio3618a_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio[34][56]18ag_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio4[56]18a_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio5[01]18a_firmware") {
if (version_is_less(version: version, test_version: "TG01HD0W2100")) {
report = report_fixed_ver(installed_version: version, fixed_version: "TG01HD0W2100");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studio[567][56]16ac_firmware") {
if (version_is_less(version: version, test_version: "TE01HD0W2100")) {
report = report_fixed_ver(installed_version: version, fixed_version: "TE01HD0W2100");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studio[5678][56]18a_firmware") {
if (version_is_less(version: version, test_version: "TJ01HD0W2100")) {
report = report_fixed_ver(installed_version: version, fixed_version: "TJ01HD0W2100");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studio2[05]00ac_firmware") {
if (version_is_less(version: version, test_version: "T370HD0W1910")) {
report = report_fixed_ver(installed_version: version, fixed_version: "T370HD0W1910");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe == "cpe:/o:toshibatec:e-studio2005nc_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio[234]505ac_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio[35]005ac_firmware") {
if (version_is_less(version: version, test_version: "T373HD0W1910")) {
report = report_fixed_ver(installed_version: version, fixed_version: "T373HD0W1910");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studio(20|25|50)08a_firmware" ||
cpe =~ "^cpe:/o:toshibatec:e-studio(30|35|45)08(a|ag)_firmware") {
if (version_is_less(version: version, test_version: "T410HD0W1910")) {
report = report_fixed_ver(installed_version: version, fixed_version: "T410HD0W1910");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studio[567]506ac_firmware") {
if (version_is_less(version: version, test_version: "T380HD0W1910")) {
report = report_fixed_ver(installed_version: version, fixed_version: "T380HD0W1910");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studio[5678]508a_firmware") {
if (version_is_less(version: version, test_version: "T385HD0W1910")) {
report = report_fixed_ver(installed_version: version, fixed_version: "T385HD0W1910");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studio[345]508lp_firmware") {
if (version_is_less(version: version, test_version: "T430HD0W1910")) {
report = report_fixed_ver(installed_version: version, fixed_version: "T430HD0W1910");
security_message(port: 0, data: report);
exit(0);
}
}
if (cpe =~ "^cpe:/o:toshibatec:e-studiolp(35|45|50)_firmware") {
if (version_is_less(version: version, test_version: "T430HD0W1910")) {
report = report_fixed_ver(installed_version: version, fixed_version: "T430HD0W1910");
security_message(port: 0, data: report);
exit(0);
}
}
exit(99);Related
packetstorm
packetstorm
Toshiba Multi-Function Printers 40 Vulnerabilities
2024-07-04 00:00:00
nvd
nvd
vulnrichment
vulnrichment
CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection
2024-06-14 02:21:24
CVE-2024-27155 Local Privilege Escalation and Remote Code Execution using insecure permissions
2024-06-14 03:18:25
CVE-2024-27176 Remote Code Execution
2024-06-14 04:05:52
cvelist
cvelist
CVE-2024-27165 Local Privilege Escalation
2024-06-14 03:43:22
CVE-2024-27155 Local Privilege Escalation and Remote Code Execution using insecure permissions
2024-06-14 03:18:25
CVE-2024-27143 Pre-authenticated Remote Code Execution
2024-06-14 02:29:54
cve
cve
githubexploit
githubexploit
Exploit for CVE-2024-27173
2024-06-14 07:04:46
zdi
zdi
Toshiba e-STUDIO2518A Authentication Bypass Vulnerability
2024-06-18 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.4
Confidence
Low
Related for OPENVAS:1361412562310170791