Toshiba Vulnerability: Remote Code Execution via Falsified Session ID
CVE-2024-27176
7.2 HIGH
Key Information:
- Vendor: Toshiba
- CVE Published: 14 June 2024
Summary
A flaw in Toshiba’s Document Solutions allows an attacker to execute code remotely. By manipulating session ID variables, an attacker can overwrite files, potentially leading to unauthorized operations on affected devices. The risk is significant, particularly when this vulnerability is combined with other existing vulnerabilities, which can amplify its impact. Users of affected products should take precautions to mitigate the risk; further details are available through Toshiba's contact points.
Affected Version(s)
Toshiba Tec e-Studio multi-function peripheral (MFP), Linux: see the reference URL
References
CVSS V3.1
Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
We express our gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products.