CVE-2024-27144 - Vulnerability Details

Description

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point.
https://www.toshibatec.com/contacts/products/
As for the affected products/models/versions, see the reference URL.

Published: 2024-06-14

Score: 9.8 Critical

EPSS: 1.6% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Toshiba Tec Corporation

Toshiba Tec e-Studio multi-function peripheral (MFP)

unaffected

Version	Status	Constraints
`see the reference URL`	affected	—

No data.

No data available yet.

Remediation

Vendor Solution

This issue is fixed in the version released on June 14, 2024 and all later versions.

Vendor Workaround

When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-24385	The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01602.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jul/1
https://jvn.jp/en/vu/JVNVU97136265/index.html
https://www.toshibatec.com/information/20240531_01.html
https://www.toshibatec.com/information/pdf/information20240531_01.pdf

History

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Toshibatec Toshibatec e-studio-2010-ac Toshibatec e-studio-2015-nc Toshibatec e-studio-2018 A Toshibatec e-studio-2020 Ac Toshibatec e-studio-2021 Ac Toshibatec e-studio-2110-ac Toshibatec e-studio-2510-ac Toshibatec e-studio-2515-nc Toshibatec e-studio-2518 A Toshibatec e-studio-2520 Nc Toshibatec e-studio-2521 Ac Toshibatec e-studio-2525 Ac Toshibatec e-studio-2528-a Toshibatec e-studio-2610-ac Toshibatec e-studio-2615-nc Toshibatec e-studio-2618 A Toshibatec e-studio-3015-nc Toshibatec e-studio-3018 A Toshibatec e-studio-3025 Ac Toshibatec e-studio-3028-a Toshibatec e-studio-3115-nc Toshibatec e-studio-3118 A Toshibatec e-studio-3118 Ag Toshibatec e-studio-330-ac Toshibatec e-studio-3515-nc Toshibatec e-studio-3525 Ac Toshibatec e-studio-3525 Acg Toshibatec e-studio-3528-a Toshibatec e-studio-3528-ag Toshibatec e-studio-3615-nc Toshibatec e-studio-400-ac Toshibatec e-studio-4515 Ac Toshibatec e-studio-4525 Ac Toshibatec e-studio-4528-a Toshibatec e-studio-4528-ag Toshibatec e-studio-4615 Ac Toshibatec e-studio-5015 Ac Toshibatec e-studio-5115 Ac Toshibatec e-studio-5525 Ac Toshibatec e-studio-5525 Acg Toshibatec e-studio-5528-a Toshibatec e-studio-6525 Ac Toshibatec e-studio-6525 Acg Toshibatec e-studio-6526-ac Toshibatec e-studio-6527-ac Toshibatec e-studio-6528-a Toshibatec e-studio-6529-a Toshibatec e-studio-7527-ac Toshibatec e-studio-7529-a Toshibatec e-studio-9029-a
CPEs		cpe:2.3:h:toshibatec:e-studio-2010-ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-2015-nc:-:::::::* cpe:2.3:h:toshibatec:e-studio-2018_a:-:::::::* cpe:2.3:h:toshibatec:e-studio-2020_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-2021_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-2110-ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-2510-ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-2515-nc:-:::::::* cpe:2.3:h:toshibatec:e-studio-2518_a:-:::::::* cpe:2.3:h:toshibatec:e-studio-2520_nc:-:::::::* cpe:2.3:h:toshibatec:e-studio-2521_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-2525_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-2528-a:-:::::::* cpe:2.3:h:toshibatec:e-studio-2610-ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-2615-nc:-:::::::* cpe:2.3:h:toshibatec:e-studio-2618_a:-:::::::* cpe:2.3:h:toshibatec:e-studio-3015-nc:-:::::::* cpe:2.3:h:toshibatec:e-studio-3018_a:-:::::::* cpe:2.3:h:toshibatec:e-studio-3025_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-3028-a:-:::::::* cpe:2.3:h:toshibatec:e-studio-3115-nc:-:::::::* cpe:2.3:h:toshibatec:e-studio-3118_a:-:::::::* cpe:2.3:h:toshibatec:e-studio-3118_ag:-:::::::* cpe:2.3:h:toshibatec:e-studio-330-ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-3515-nc:-:::::::* cpe:2.3:h:toshibatec:e-studio-3525_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-3525_acg:-:::::::* cpe:2.3:h:toshibatec:e-studio-3528-a:-:::::::* cpe:2.3:h:toshibatec:e-studio-3528-ag:-:::::::* cpe:2.3:h:toshibatec:e-studio-3615-nc:-:::::::* cpe:2.3:h:toshibatec:e-studio-400-ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-4515_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-4525_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-4528-a:-:::::::* cpe:2.3:h:toshibatec:e-studio-4528-ag:-:::::::* cpe:2.3:h:toshibatec:e-studio-4615_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-5015_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-5115_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-5525_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-5525_acg:-:::::::* cpe:2.3:h:toshibatec:e-studio-5528-a:-:::::::* cpe:2.3:h:toshibatec:e-studio-6525_ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-6525_acg:-:::::::* cpe:2.3:h:toshibatec:e-studio-6526-ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-6527-ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-6528-a:-:::::::* cpe:2.3:h:toshibatec:e-studio-6529-a:-:::::::* cpe:2.3:h:toshibatec:e-studio-7527-ac:-:::::::* cpe:2.3:h:toshibatec:e-studio-7529-a:-:::::::* cpe:2.3:h:toshibatec:e-studio-9029-a:-:::::::*
Vendors & Products		Toshibatec Toshibatec e-studio-2010-ac Toshibatec e-studio-2015-nc Toshibatec e-studio-2018 A Toshibatec e-studio-2020 Ac Toshibatec e-studio-2021 Ac Toshibatec e-studio-2110-ac Toshibatec e-studio-2510-ac Toshibatec e-studio-2515-nc Toshibatec e-studio-2518 A Toshibatec e-studio-2520 Nc Toshibatec e-studio-2521 Ac Toshibatec e-studio-2525 Ac Toshibatec e-studio-2528-a Toshibatec e-studio-2610-ac Toshibatec e-studio-2615-nc Toshibatec e-studio-2618 A Toshibatec e-studio-3015-nc Toshibatec e-studio-3018 A Toshibatec e-studio-3025 Ac Toshibatec e-studio-3028-a Toshibatec e-studio-3115-nc Toshibatec e-studio-3118 A Toshibatec e-studio-3118 Ag Toshibatec e-studio-330-ac Toshibatec e-studio-3515-nc Toshibatec e-studio-3525 Ac Toshibatec e-studio-3525 Acg Toshibatec e-studio-3528-a Toshibatec e-studio-3528-ag Toshibatec e-studio-3615-nc Toshibatec e-studio-400-ac Toshibatec e-studio-4515 Ac Toshibatec e-studio-4525 Ac Toshibatec e-studio-4528-a Toshibatec e-studio-4528-ag Toshibatec e-studio-4615 Ac Toshibatec e-studio-5015 Ac Toshibatec e-studio-5115 Ac Toshibatec e-studio-5525 Ac Toshibatec e-studio-5525 Acg Toshibatec e-studio-5528-a Toshibatec e-studio-6525 Ac Toshibatec e-studio-6525 Acg Toshibatec e-studio-6526-ac Toshibatec e-studio-6527-ac Toshibatec e-studio-6528-a Toshibatec e-studio-6529-a Toshibatec e-studio-7527-ac Toshibatec e-studio-7529-a Toshibatec e-studio-9029-a
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Toshibatec E-studio-2010-ac E-studio-2015-nc E-studio-2018 A E-studio-2020 Ac E-studio-2021 Ac E-studio-2110-ac E-studio-2510-ac E-studio-2515-nc E-studio-2518 A E-studio-2520 Nc E-studio-2521 Ac E-studio-2525 Ac E-studio-2528-a E-studio-2610-ac E-studio-2615-nc E-studio-2618 A E-studio-3015-nc E-studio-3018 A E-studio-3025 Ac E-studio-3028-a E-studio-3115-nc E-studio-3118 A E-studio-3118 Ag E-studio-330-ac E-studio-3515-nc E-studio-3525 Ac E-studio-3525 Acg E-studio-3528-a E-studio-3528-ag E-studio-3615-nc E-studio-400-ac E-studio-4515 Ac E-studio-4525 Ac E-studio-4528-a E-studio-4528-ag E-studio-4615 Ac E-studio-5015 Ac E-studio-5115 Ac E-studio-5525 Ac E-studio-5525 Acg E-studio-5528-a E-studio-6525 Ac E-studio-6525 Acg E-studio-6526-ac E-studio-6527-ac E-studio-6528-a E-studio-6529-a E-studio-7527-ac E-studio-7529-a E-studio-9029-a

MITRE

Status: PUBLISHED

Assigner: Toshiba

Published: 2024-06-14T02:31:58.131Z

Updated: 2025-02-13T17:41:22.725Z

Reserved: 2024-02-21T02:11:53.250Z

Link: CVE-2024-27144

Vulnrichment

Updated: 2024-08-02T00:27:59.447Z

NVD

Status : Awaiting Analysis

Published: 2024-06-14T03:15:10.483

Modified: 2024-11-21T09:03:56.553

Link: CVE-2024-27144

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object