Toshiba Printers Vulnerable to Confidential Information Theft
CVE-2024-27166

7.4HIGH

Key Information:

Vendor: Toshiba
Status: Toshiba Tec E-studio Multi-function Peripheral (mfp)
Vendor: CVE Published:; 14 June 2024

Summary

Toshiba printers have been identified as having a security vulnerability due to incorrect permissions set on core dump binaries. This misconfiguration can potentially allow a local attacker to gain unauthorized access to sensitive and confidential information stored within the printer system. The lack of proper access controls serves as a significant risk, making it crucial for users and administrators to address this issue promptly. For more detailed information, please refer to the documentation provided by Toshiba and various security advisories.

Affected Version(s)

Toshiba Tec e-Studio multi-function peripheral (MFP) Linux see the reference URL

References

https://www.toshibatec.com/information/20240531_01.html

https://www.toshibatec.com/information/pdf/information202...

https://jvn.jp/en/vu/JVNVU97136265/index.html

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Feb 21, 2024

Credit

We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products.