ToshibaVULNRICHMENT:CVE-2024-27156CVE-2024-27156 Leak of authentication sessions in secure logs
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.5%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.
CNA Affected
[
{
"vendor": "Toshiba Tec Corporation",
"product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
"versions": [
{
"status": "affected",
"version": "see the reference URL"
}
],
"platforms": [
"Linux"
],
"defaultStatus": "unaffected"
}
]Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.5%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial