Lucene search

Ecc0f906-8666-484c-bcf8-c3b7520a72f0NVD:CVE-2024-27142

HistoryJun 14, 2024 - 3:15 a.m.

CVE-2024-27142

2024-06-1403:15:10

CWE-776

ecc0f906-8666-484c-bcf8-c3b7520a72f0

web.nvd.nist.gov

toshiba

printers

xml

communication

api

endpoint

parsing

library

vulnerability

dos

xxe

information

products

models

versions.

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

15.5%

JSON

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL.

References

seclists.org/fulldisclosure/2024/Jul/1

jvn.jp/en/vu/JVNVU97136265/index.html

www.toshibatec.com/information/20240531_01.html

www.toshibatec.com/information/pdf/information20240531_01.pdf

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

15.5%

JSON

Related for NVD:CVE-2024-27142