Description

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected productsmodelsversions, see the reference URL.

Classification

Assigner: ecc0f906-8666-484c-bcf8-c3b7520a72f0

CWE: CWE-250

Links
CPEs
  • toshiba printer

CVSS

CVSS version: 3.1 Base score: 7.4
Base severity: HIGH Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability score: 1.4 Impact score: 5.9

Can you explain the CVE description?

This CVE description is about a vulnerability with the identifier CVE-2024-27147 that affects Toshiba printers. The vulnerability is a Local Privilege Escalation issue, which means that an attacker can exploit it to gain higher privileges on the affected printer remotely. The CVSS score for this vulnerability is 7.4, indicating a high severity level. The description mentions that more details about the affected products, models, and versions can be found in the reference URLs provided. The status of this CVE is EARLY_WARNING, and it was published on June 14, 2024. The Common Weakness Enumeration (CWE) associated with this vulnerability is CWE-250. There are several URLs provided for further information and resources related to this vulnerability, including advisories from JVN and Toshiba. The base severity is classified as HIGH, and the CVSS vector shows the attack complexity, privileges required, user interaction, scope, confidentiality, integrity, and availability impact. The exploitability score for this vulnerability is 1.4, and the impact score is 5.9. The assigner of this CVE is identified as ecc0f906-8666-484c-bcf8-c3b7520a72f0.

How can this vulnerability be part of an attack tree?

One possible way this vulnerability could be part of an attack tree is by an attacker exploiting the Local Privilege Escalation vulnerability in Toshiba printers to gain elevated privileges on the targeted system. From there, the attacker could potentially execute malicious commands, access sensitive information, disrupt operations, or even pivot to other systems within the network. This could lead to further compromise of the organizations infrastructure, data breaches, financial loss, reputation damage, and other serious consequences.


Generated on: 2024-07-05