Printers Vulnerable to Authentication Bypass Attacks
CVE-2024-3496

8.8HIGH

Key Information:

Vendor: Toshiba
Status: Toshiba Tec E-studio Multi-function Peripheral (mfp)
Vendor: CVE Published:; 14 June 2024

Summary

The vulnerability presents a significant risk as attackers are able to bypass the web login authentication process of Toshiba printers, gaining unauthorized access to sensitive system information. Once access is achieved, it becomes possible for malicious actors to upload harmful drivers to the affected printers, which can lead to further security breaches and exploitation of the device's capabilities. Organizations utilizing these printers should prioritize updating their systems and ensuring appropriate security measures are in place to mitigate the potential risks associated with this vulnerability.

Affected Version(s)

Toshiba Tec e-Studio multi-function peripheral (MFP) Linux see the reference URL

References

https://www.toshibatec.com/information/20240531_01.html

https://www.toshibatec.com/information/pdf/information202...

https://jvn.jp/en/vu/JVNVU97136265/index.html

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Apr 9, 2024

Credit

We expresses its gratitude to Zhenhua Huang, Harry Zhang and Minmin Li for reporting relevant security vulnerabilities for our products.