CVE-2024-27168 – Hardcoded keys used to generate authentication cookies
https://notcve.org/view.php?id=CVE-2024-27168
It appears that some hardcoded keys are used for authentication to the internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL.
• http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf
• CWE-798: Use of Hard-coded Credentials
CVE-2024-27167 – Insecure permissions
https://notcve.org/view.php?id=CVE-2024-27167
Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference URL.
• http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf
• CWE-276: Incorrect Default Permissions
CVE-2024-27166 – Insecure permissions
https://notcve.org/view.php?id=CVE-2024-27166
Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL.
• http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf
• CWE-256: Plaintext Storage of a Password
• CWE-276: Incorrect Default Permissions
• CWE-319: Cleartext Transmission of Sensitive Information
CVE-2024-27165 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-27165
Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL.
• http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf
• CWE-272: Least Privilege Violation
CVE-2024-27164 – Hardcoded credentials
https://notcve.org/view.php?id=CVE-2024-27164
Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL.
• http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf
• CWE-259: Use of Hard-coded Password