Lucene search

CVE-2024-27143

🗓️ 14 Jun 2024 03:10:15Reported by ToshibaType

cve🔗 web.nvd.nist.gov👁 42 Views🌐 WEB

Toshiba printers SNMP remote root acces

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
NVD	CVE-2024-27143	14 Jun 202403:15	–	nvd
Cvelist	CVE-2024-27143 Pre-authenticated Remote Code Execution	14 Jun 202402:29	–	cvelist
Vulnrichment	CVE-2024-27143 Pre-authenticated Remote Code Execution	14 Jun 202402:29	–	vulnrichment
OpenVAS	Toshiba Printers Multiple Vulnerabilities (May 2024)	8 Jul 202400:00	–	openvas
Packet Storm	Toshiba Multi-Function Printers 40 Vulnerabilities	4 Jul 202400:00	–	packetstorm

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
    "vendor": "Toshiba Tec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "see the reference URL"
      }
    ]
  }
]

Source	Link
toshibatec	www.toshibatec.com/information/pdf/information20240531_01.pdf
toshibatec	www.toshibatec.com/information/20240531_01.html
seclists	www.seclists.org/fulldisclosure/2024/Jul/1
jvn	www.jvn.jp/en/vu/JVNVU97136265/index.html

Parameter	Position	Path	Description	CWE
csrfpId	request body	/contentwebserver	Pre-authenticated Blind XML External Entity (XXE) injection vulnerability leading to DoS.	CWE-250
Name	request body	/contentwebserver/upload	Allows file uploads to arbitrary paths resulting in remote code execution.	CWE-250

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Jun 2024 03:15Current

9.8High risk

Vulners AI Score9.8

CVSS39.8

EPSS0.00583

SSVC

CWE-250