Description

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected productsmodelsversions, see the reference URL.

Classification

Assigner: ecc0f906-8666-484c-bcf8-c3b7520a72f0

CWE: CWE-276

Links
CPEs
  • toshiba printer

CVSS

CVSS version: 3.1 Base score: 7.7
Base severity: HIGH Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability score: 2.5 Impact score: 5.2

Can you explain the CVE description?

This CVE description is about a vulnerability identified as CVE-2024-27155 affecting Toshiba printers. The vulnerability is related to Local Privilege Escalation, which means that an attacker can exploit it to gain higher privileges on the affected device. This vulnerability allows attackers to remotely compromise any Toshiba printer by replacing legitimate programs with malicious ones. The CVSS score for this vulnerability is 7.7, indicating a high severity level. The CWE associated with this vulnerability is CWE-276. The vendor and product information is not specified in the description, but the affected products/models/versions can be found in the reference URLs provided. The status of this vulnerability is EARLY_WARNING, and it was published on June 14, 2024. The exploitability score is 2.5 and the impact score is 5.2, both indicating a significant risk associated with this vulnerability. Users are advised to refer to the provided URLs for more information and updates regarding this vulnerability.

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree by being used as an initial entry point for an attacker to gain unauthorized access to the Toshiba printers. Once the attacker has compromised the printer, they can then escalate their privileges locally on the device, giving them greater control and potentially allowing them to execute malicious programs. This could lead to further exploitation of the printer or the network it is connected to, resulting in data theft, disruption of services, or other malicious activities.


Generated on: 2024-07-05