CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
45.5%
The Toshiba 4690 operating system, version 6 (Release 3) and possibly earlier versions, contains an information disclosure vulnerability.
CWE-200: Information Exposure - CVE-2014-4876
The Toshiba 4690 operating system, version 6 (Release 3) and possibly earlier versions, contains an information disclosure vulnerability. Sending a special string to TCP port 54138 causes system environment variables and other information to be returned to an unauthenticated client. The vendor has stated that this disclosure occurs by design as part of the support capabilities of 4690 and that:
The data being returned contains information about the current state of the 4690 OS and can be used for problem determination. The information is generally the same as that available by local 4690 APIs or from RMA, the 4690 OS system management function. It doesnโt contain sensitive (PCI) information.
A remote, unauthenticated attacker is able to view potentially sensitive system information.
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.
Disable services
The vendor has suggested a workaround for users concerned about the information being exposed:
The user should disable the ADXSITCF logical name to the string -q. This will disable the services that connect with the network to provide this information, however it will also disable RMA system management data collection as well as prevent the use of ADXSITQL by support teams for gathering information without dumping the machine.
924506
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 06, 2014 Updated: June 02, 2015
Statement Date: June 01, 2015
Affected
`Vulnerability ID: VU#301788 Vulnerability #2
Vulnerability Name: Toshiba 4690 Operating System โ 4690 OS System
Environmental Variables Accessible.
Overview
The vulnerability report stated that a string written to port 54138 โcauses
system environmental variables and other information to be returned to the
attacker without authenticationโ. This is by design and is part of the support
capabilities of 4690.
Description
The data being returned contains information about the current state of the
4690 OS and can be used for problem determination. The information is generally
the same as that available by local 4690 APIs or from RMA, the 4690 OS system
management function. It doesnโt contain sensitive (PCI) information. The fact
that a string is used is a relic of a prior design of the tool that used the
same port as the unix finger service. However at this point the string is used
simply as a handshake.
Impact
Anyone on the same network could send this byte sequence receive the same data.
The ADXSITQL can send additional commands to the machine to receive other data
as well, such as directory listings or enhanced mode log files. File transfer
of other files in either direction is not allowed. We donโt consider directory
listings and other environmental information to be sensitive data. There is no
sensitive data places in these log files that can be collected via this
mechanism.
Solution
The user should disable the ADXSITCF logical name to the string -q. This will
disable the services that connect with the network to provide this information,
however it will also disable RMA system management data collection as well as
prevent the use of ADXSITQL by support teams for gathering information without
dumping the machine.
Please submit a support request to Toshiba Global Commerce Solutions if you
have questions.
Vendor Information
VendorStatusDate NotifiedDate Updated
Toshiba Global Commerce Solutions
References
ยท <http://www.toshibacommerce.com>.`
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 5 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Temporal | 4.5 | E:F/RL:W/RC:C |
Environmental | 3.4 | CDP:N/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to David Odell for reporting this vulnerability.
This document was written by Todd Lewellen and Joel Land.
CVE IDs: | CVE-2014-4876 |
---|---|
Date Public: | 2015-06-08 Date First Published: |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
45.5%