"value":"Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. An attacker can exploit the XXE to retrieve information.\u00a0As for the affected products/models/versions, see the reference URL."
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang":"eng",
"value":"CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')",
"value":"When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.<br>"
}
],
"value":"When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users."
}
],
"exploit":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"We are not aware of any malicious exploitation by these vulnerabilities.<br>"
}
],
"value":"We are not aware of any malicious exploitation by these vulnerabilities."
}
],
"solution":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"This issue is fixed in the version released on June 14, 2024 and all later versions.<br>"
}
],
"value":"This issue is fixed in the version released on June 14, 2024 and all later versions."
}
],
"credits":[
{
"lang":"en",
"value":"We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products."
