CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27148 – Local Privilege Escalation and Remote Code Execution using insecure PATH
https://notcve.org/view.php?id=CVE-2024-27148
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. Las impresoras Toshiba son afectadas por una vulnerabilidad de escalada de privilegios local. Un atacante puede comprometer de forma remota cualquier impresora Toshiba. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-276: Incorrect Default Permissions •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27147 – Local Privilege Escalation and Remote Code Execution using snmpd
https://notcve.org/view.php?id=CVE-2024-27147
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. Las impresoras Toshiba son afectadas por una vulnerabilidad de escalada de privilegios local. Un atacante puede comprometer de forma remota cualquier impresora Toshiba. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-250: Execution with Unnecessary Privileges •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27146 – Lack of privileges separation
https://notcve.org/view.php?id=CVE-2024-27146
The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL. Las impresoras Toshiba no implementan la separación de privilegios. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia. 103 models of Toshiba Multi-Function Printers (MFP) are vulnerable to 40 different vulnerabilities including remote code execution, local privilege escalation, xml injection, and more. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-250: Execution with Unnecessary Privileges •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27145 – Multiple Post-authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27145
The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27144 – Pre-authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-27144
The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. • http://seclists.org/fulldisclosure/2024/Jul/1 https://jvn.jp/en/vu/JVNVU97136265/index.html https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-276: Incorrect Default Permissions •