Description

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected productsmodelsversions, see the reference URL.

Classification

Assigner: ecc0f906-8666-484c-bcf8-c3b7520a72f0

CWE: CWE-276

Links
CPEs
  • toshiba printer

CVSS

CVSS version: 3.1 Base score: 7.4
Base severity: HIGH Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability score: 1.4 Impact score: 5.9

Can you explain the CVE description?

This CVE description is for a vulnerability with the identifier CVE-2024-27153 that affects Toshiba printers. The vulnerability allows for a Local Privilege Escalation, which means that an attacker can remotely compromise any Toshiba printer. The CVSS score for this vulnerability is 7.4, indicating a high severity level. The CWE associated with this vulnerability is CWE-276. The vulnerability was published on June 14, 2024, and is currently in the EARLY_WARNING status. The exploitability score is 1.4 and the impact score is 5.9. The vector CVSS for this vulnerability is AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that the vulnerability can be exploited with local access, high attack complexity, no privileges required, no user interaction, scope unchanged, and high confidentiality, integrity, and availability impact. There are several reference URLs provided for more information on the vulnerability and affected products.

How can this vulnerability be part of an attack tree?

One possible way this vulnerability could be part of an attack tree is by an attacker exploiting the Local Privilege Escalation vulnerability in Toshiba printers to gain elevated privileges on the compromised device. From there, the attacker could potentially execute further attacks such as installing malware, exfiltrating sensitive data, or launching additional attacks on other devices within the network. This could lead to a significant impact on the confidentiality, integrity, and availability of the affected systems and data.


Generated on: 2024-07-05