mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
135 lines
4.6 KiB
JSON
135 lines
4.6 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-27168",
|
|
"ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-798 Use of Hard-coded Credentials",
|
|
"cweId": "CWE-798"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Toshiba Tec Corporation",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "see the reference URL"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.toshibatec.com/information/20240531_01.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.toshibatec.com/information/20240531_01.html"
|
|
},
|
|
{
|
|
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf",
|
|
"refsource": "MISC",
|
|
"name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
|
|
},
|
|
{
|
|
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html",
|
|
"refsource": "MISC",
|
|
"name": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
|
|
},
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2024/Jul/1",
|
|
"refsource": "MISC",
|
|
"name": "http://seclists.org/fulldisclosure/2024/Jul/1"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "We are not aware of any malicious exploitation by these vulnerabilities.<br>"
|
|
}
|
|
],
|
|
"value": "We are not aware of any malicious exploitation by these vulnerabilities."
|
|
}
|
|
],
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "This issue is fixed in the version released on June 14, 2024 and all later versions.<br>"
|
|
}
|
|
],
|
|
"value": "This issue is fixed in the version released on June 14, 2024 and all later versions."
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "LOCAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.1,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |