Lucene search

ToshibaCVELIST:CVE-2024-27166

HistoryJun 14, 2024 - 3:48 a.m.

CVE-2024-27166 Insecure permissions

2024-06-1403:48:46

CWE-256

CWE-319

CWE-276

Toshiba

www.cve.org

cve-2024-27166

permissions

toshiba

printers

local attacker

confidential information

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

15.5%

JSON

Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
    "vendor": "Toshiba Tec Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "see the reference URL"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/Jul/1

jvn.jp/en/vu/JVNVU97136265/index.html

www.toshibatec.com/information/20240531_01.html

www.toshibatec.com/information/pdf/information20240531_01.pdf

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

15.5%

JSON

Related for CVELIST:CVE-2024-27166