Description

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected productsmodelsversions, see the reference URL.

Classification

Assigner: ecc0f906-8666-484c-bcf8-c3b7520a72f0

CWE: CWE-276

Links
CPEs
  • toshiba printer

CVSS

CVSS version: 3.1 Base score: 7.4
Base severity: HIGH Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability score: 1.4 Impact score: 5.9

Can you explain the CVE description?

This Common Vulnerabilities and Exposures (CVE) description is for CVE-2024-27148, which is a Local Privilege Escalation vulnerability affecting Toshiba printers. The vulnerability allows an attacker to remotely compromise any Toshiba printer. The Common Vulnerabilities and Exposures (CVE) system provides a reference URL for more information on the affected products, models, and versions. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.4, indicating a high severity level. The CVSS vector shows that the vulnerability has a base severity of HIGH, with an exploitability score of 1.4 and an impact score of 5.9. The vulnerability was published on June 14, 2024, and is classified as an EARLY_WARNING. The CVE description also includes links to additional resources for further information on the vulnerability and mitigation steps. The vulnerability is associated with CWE-276 and has a CVSS version of 3.1.

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree by being used as a initial access point for an attacker to gain a foothold in a network. By exploiting the Local Privilege Escalation vulnerability in Toshiba printers, an attacker can gain elevated privileges on the compromised device. From there, the attacker can move laterally within the network, escalate their privileges further, and ultimately achieve their malicious objectives such as data exfiltration, sabotage, or further compromise of critical systems. This vulnerability can serve as a critical step in a larger attack chain that leads to a successful breach.


Generated on: 2024-07-05