Japan Vulnerability NotesJVN:13313061JVN#13313061: TOSHIBA TEC e-Studio series vulnerable to cross-site request forgery
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.1%
e-Studio provided by TOSHIBA TEC CORPORATION is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in a cross-site request forgery.
Impact
If the administrator views a malicious page while logged into the web-based management utility (TopAccess), passwords may be altered. As a result, a remote attacker may obtain the document assets such as scan data.
Solution
According to the developer, an update to address this issue will not be provided.
Apply a workaround
The following workaround may mitigate the affects of this vulnerability.
- Do not access other websites while logged into the web-based management utility (TopAccess)
Products Affected
- e-Studio 232/233/282/283
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.1%