Toshiba Remote Command Vulnerability Allows for Remote Code Execution
CVE-2024-27174

9.8CRITICAL

Key Information:

Vendor: Toshiba
Status: Toshiba Tec E-studio Multi-function Peripheral (mfp)
Vendor: CVE Published:; 14 June 2024

Summary

The vulnerability in the Toshiba Remote Command Program enables an attacker to execute remote code under specific conditions. While this vulnerability is difficult to exploit independently, it can be leveraged in combination with other vulnerabilities, potentially amplifying its impact. This complex exploit situation implies that attackers must possess a nuanced understanding of the underlying systems in order to successfully execute malicious commands. For more detailed information about this vulnerability and any related concerns, please contact Toshiba support.

Affected Version(s)

Toshiba Tec e-Studio multi-function peripheral (MFP) Linux see the reference URL

References

https://www.toshibatec.com/information/20240531_01.html

https://www.toshibatec.com/information/pdf/information202...

https://jvn.jp/en/vu/JVNVU97136265/index.html

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Feb 21, 2024

Credit

We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products.