SB20240620128 - Multiple vulnerabilities in Toshiba Tec MFPs
Published: June 20, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 43 vulnerabilities.
1) Use of hard-coded credentials (CVE-ID: CVE-2024-27170)
CWE-ID: CWE-798 - Use of Hard-coded Credentials
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can decrypt the encrypted files using the hardcoded key.
2) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-27156)
CWE-ID: CWE-532 - Information Exposure Through Log Files
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local attacker can read the log files and gain access to sensitive data.
3) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-27157)
CWE-ID: CWE-532 - Information Exposure Through Log Files
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local attacker can read the log files and gain access to sensitive data.
4) Unprotected storage of credentials (CVE-ID: CVE-2024-27166)
CWE-ID: CWE-256 - Unprotected Storage of Credentials
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain access to other users' credentials.
The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. A local attacker can view contents of the configuration file and gain access to passwords for 3rd party integration.
5) Debug Messages Revealing Unnecessary Information (CVE-ID: CVE-2024-27179)
CWE-ID: CWE-1295 - Debug Messages Revealing Unnecessary Information
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to admin cookies are written in clear-text in logs. A local user can retrieve them and bypass the authentication mechanism.
6) Use of default credentials (CVE-ID: CVE-2024-27158)
CWE-ID: CWE-1392 - Use of Default Credentials
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to usage of default administrative credentials. A remote attacker can use default credentials to compromise the affected device.
7) Use of hard-coded credentials (CVE-ID: CVE-2024-27159)
CWE-ID: CWE-798 - Use of Hard-coded Credentials
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can decrypt the encrypted files using the hardcoded key.
8) Use of hard-coded credentials (CVE-ID: CVE-2024-27160)
CWE-ID: CWE-798 - Use of Hard-coded Credentials
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can decrypt the encrypted files using the hardcoded key.
9) Use of hard-coded credentials (CVE-ID: CVE-2024-27161)
CWE-ID: CWE-798 - Use of Hard-coded Credentials
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can decrypt the encrypted files using the hardcoded key.
10) Use of hard-coded credentials (CVE-ID: CVE-2024-27168)
CWE-ID: CWE-798 - Use of Hard-coded Credentials
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can decrypt the encrypted files using the hardcoded key.
11) Use of Hard-coded Password (CVE-ID: CVE-2024-27164)
CWE-ID: CWE-259 - Use of Hard-coded Password
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to use a hard-coded password. A local attacker can gain access to sensitive information.
12) Path traversal (CVE-ID: CVE-2024-27178)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.
13) Cross-site scripting (CVE-ID: CVE-2024-27162)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
14) Cleartext transmission of sensitive information (CVE-ID: CVE-2024-27163)
CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can gain access to sensitive data.
15) Least Privilege Violation (CVE-ID: CVE-2024-27165)
CWE-ID: CWE-272 - Least Privilege Violation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code on the system.
The vulnerability exists due to least privilege violation. A local user can execute arbitrary code on the target system.
16) Missing Authentication for Critical Function (CVE-ID: CVE-2024-27169)
CWE-ID: CWE-306 - Missing Authentication for Critical Function
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to bypass authentication process.
The vulnerability exists due to missing authentication for critical function. A local attacker can bypass authentication process and access the administrative interface.
17) OS Command Injection (CVE-ID: CVE-2024-27172)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) External Control of File Name or Path (CVE-ID: CVE-2024-27175)
CWE-ID: CWE-73 - External Control of File Name or Path
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read arbitrary files.
The vulnerability exists due to application allows an attacker to control path of the files to read. A remote attacker can send a specially crafted HTTP request and read any file on the printer.
19) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2024-27180)
CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition. A local attacker can cause a race condition and alter the information
20) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2024-3496)
CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to authentication bypass using an alternate path or channel. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
21) Path traversal (CVE-ID: CVE-2024-3497)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker on the local network can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.
22) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-27154)
CWE-ID: CWE-532 - Information Exposure Through Log Files
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local attacker can read the log files and gain access to sensitive data.
23) Path traversal (CVE-ID: CVE-2024-27177)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.
24) Incorrect default permissions (CVE-ID: CVE-2024-27150)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local attacker can execute arbitrary code on the target system.
25) XML Entity Expansion (CVE-ID: CVE-2024-27141)
CWE-ID: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial o service (DoS) attack.
The vulnerability exists due to improper restrictions on XML entities. A remote attacker can send a specially crafted HTTP request and cause a denial of service condition on the target system.
26) XML Entity Expansion (CVE-ID: CVE-2024-27142)
CWE-ID: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial o service (DoS) attack.
The vulnerability exists due to improper restrictions on XML entities. A remote attacker can send a specially crafted HTTP request and cause a denial of service condition on the target system.
27) Execution with unnecessary privileges (CVE-ID: CVE-2024-27143)
CWE-ID: CWE-250 - Execution with Unnecessary Privileges
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to application does not properly impose security restrictions. A remote attacker can execute arbitrary code on the system with root privileges.
28) Execution with unnecessary privileges (CVE-ID: CVE-2024-27146)
CWE-ID: CWE-250 - Execution with Unnecessary Privileges
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to application does not properly impose security restrictions. A remote attacker can execute arbitrary code on the system with root privileges.
29) Execution with unnecessary privileges (CVE-ID: CVE-2024-27147)
CWE-ID: CWE-250 - Execution with Unnecessary Privileges
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to application does not properly impose security restrictions. A remote attacker can execute arbitrary code on the system with root privileges.
30) Execution with unnecessary privileges (CVE-ID: CVE-2024-3498)
CWE-ID: CWE-250 - Execution with Unnecessary Privileges
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to application does not properly impose security restrictions. A remote attacker can execute arbitrary code on the system with root privileges.
31) Incorrect default permissions (CVE-ID: CVE-2024-27148)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local attacker can execute arbitrary code on the target system.
32) Incorrect default permissions (CVE-ID: CVE-2024-27149)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local attacker can execute arbitrary code on the target system.
33) Incorrect default permissions (CVE-ID: CVE-2024-27151)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local attacker can execute arbitrary code on the target system.
34) Path traversal (CVE-ID: CVE-2024-27176)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.
35) Incorrect default permissions (CVE-ID: CVE-2024-27152)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local attacker can execute arbitrary code on the target system.
36) Incorrect default permissions (CVE-ID: CVE-2024-27153)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local attacker can execute arbitrary code on the target system.
37) Incorrect default permissions (CVE-ID: CVE-2024-27155)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local attacker can execute arbitrary code on the target system.
38) Incorrect default permissions (CVE-ID: CVE-2024-27167)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local attacker can execute arbitrary code on the target system.
39) Incorrect default permissions (CVE-ID: CVE-2024-27171)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local attacker can execute arbitrary code on the target system.
40) Path traversal (CVE-ID: CVE-2024-27144)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.
41) Path traversal (CVE-ID: CVE-2024-27145)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.
42) Path traversal (CVE-ID: CVE-2024-27173)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.
43) Path traversal (CVE-ID: CVE-2024-27174)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.
Remediation
Install update from vendor's website.