ToshibaVULNRICHMENT:CVE-2024-27169CVE-2024-27169 Lack of authentication
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference URL.
CNA Affected
[
{
"vendor": "Toshiba Tec Corporation",
"product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
"versions": [
{
"status": "affected",
"version": "see the reference URL"
}
],
"platforms": [
"Linux"
],
"defaultStatus": "unaffected"
}
]Related
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%