CVE-2024-27163

Leak of admin password and passwords

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point.
https://www.toshibatec.com/contacts/products/
As for the affected products/models/versions, see the reference URL.

Las impresoras Toshiba mostrarán la contraseña del usuario administrador en texto plano y contraseñas adicionales al enviar 2 solicitudes HTTP específicas a la API interna. Un atacante que roba la cookie de un administrador o abusa de una vulnerabilidad XSS puede recuperar esta contraseña en texto plano y comprometer la impresora. Esta vulnerabilidad se puede ejecutar en combinación con otras vulnerabilidades y es difícil de ejecutar sola. Por lo tanto, la puntuación CVSS para esta vulnerabilidad por sí sola es inferior a la puntuación que figura en la "Puntuación base" de esta vulnerabilidad. Para obtener detalles sobre otras vulnerabilidades relacionadas, consulte al siguiente punto de contacto. https://www.toshibatec.com/contacts/products/ En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia.

*Credits: We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products.

CVSS Scores

Toshiba Corporationv3.1 6.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-21 CVE Reserved
2024-06-14 CVE Published
2024-06-14 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-319: Cleartext Transmission of Sensitive Information

CAPEC

CAPEC-158: Sniffing Network Traffic

References (4)

URL	Tag	Source
http://seclists.org/fulldisclosure/2024/Jul/1
https://jvn.jp/en/vu/JVNVU97136265/index.html
https://www.toshibatec.com/information/20240531_01.html
https://www.toshibatec.com/information/pdf/information20240531_01.pdf

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Toshiba Tec Corporation Search vendor "Toshiba Tec Corporation"		Toshiba Tec E-Studio Multi-function Peripheral (MFP) Search vendor "Toshiba Tec Corporation" for product "Toshiba Tec E-Studio Multi-function Peripheral (MFP)"				*		en		Affected