CVE-2024-3496
Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL.
Los atacantes pueden eludir el proceso de autenticación de inicio de sesión web para obtener acceso a la información del sistema de la impresora y cargar controladores maliciosos en la impresora. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia.
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Toshiba e-STUDIO2518A printers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the authentication mechanism. The issue results from improper session management. An attacker can leverage this vulnerability to bypass authentication on the system.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-04-09 CVE Reserved
- 2024-06-14 CVE Published
- 2024-06-14 EPSS Updated
- 2024-08-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC
- CAPEC-115: Authentication Bypass
References (3)
URL | Tag | Source |
---|---|---|
https://jvn.jp/en/vu/JVNVU97136265/index.html | ||
https://www.toshibatec.com/information/20240531_01.html | ||
https://www.toshibatec.com/information/pdf/information20240531_01.pdf |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Toshiba Tec Corporation Search vendor "Toshiba Tec Corporation" | Toshiba Tec E-Studio Multi-function Peripheral (MFP) Search vendor "Toshiba Tec Corporation" for product "Toshiba Tec E-Studio Multi-function Peripheral (MFP)" | * | en |
Affected
|