mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
135 lines
4.6 KiB
JSON
135 lines
4.6 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-27151",
|
|
"ASSIGNER": "hdq-toshiba-psirt@ml.toshiba.co.jp",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-276 Incorrect Default Permissions",
|
|
"cweId": "CWE-276"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Toshiba Tec Corporation",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "see the reference URL"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.toshibatec.com/information/20240531_01.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.toshibatec.com/information/20240531_01.html"
|
|
},
|
|
{
|
|
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf",
|
|
"refsource": "MISC",
|
|
"name": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
|
|
},
|
|
{
|
|
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html",
|
|
"refsource": "MISC",
|
|
"name": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
|
|
},
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2024/Jul/1",
|
|
"refsource": "MISC",
|
|
"name": "http://seclists.org/fulldisclosure/2024/Jul/1"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "We are not aware of any malicious exploitation by these vulnerabilities.<br>"
|
|
}
|
|
],
|
|
"value": "We are not aware of any malicious exploitation by these vulnerabilities."
|
|
}
|
|
],
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "This issue is fixed in the version released on June 14, 2024 and all later versions.<br>"
|
|
}
|
|
],
|
|
"value": "This issue is fixed in the version released on June 14, 2024 and all later versions."
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.4,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |