Attackers Can Exploit Remote Command Program Vulnerabilities for Remote Code Execution
CVE-2024-27172

9.8CRITICAL

Key Information:

Vendor: Toshiba
Status: Toshiba Tec E-studio Multi-function Peripheral (mfp)
Vendor: CVE Published:; 14 June 2024

Summary

The vulnerability in Toshiba's Remote Command program exposes the affected systems to the risk of unauthorized remote code execution. Attackers could exploit this flaw to execute arbitrary commands on compromised devices, potentially leading to a complete system takeover. The vulnerability is inherent in the way the program processes user inputs, allowing an attacker to send specially crafted requests that can manipulate the execution flow. Organizations using affected versions of the Remote Command Program should review their security measures and apply any available patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Toshiba Tec e-Studio multi-function peripheral (MFP) Linux see the reference URL

References

https://www.toshibatec.com/information/20240531_01.html

https://www.toshibatec.com/information/pdf/information202...

https://jvn.jp/en/vu/JVNVU97136265/index.html

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Feb 21, 2024

Credit

We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products.