Description

All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference URL.

Classification

Assigner: ecc0f906-8666-484c-bcf8-c3b7520a72f0

CWE: CWE-1392

Links

CPEs

  • toshiba printer

CVSS

CVSS version: 3.1
Base score: 7.4
Base severity: HIGH
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability score: 1.4
Impact score: 5.9

Can you explain the CVE description?

This CVE description is for a vulnerability with the identifier CVE-2024-27158. The vulnerability affects all Toshiba printers, as they share the same hardcoded root password. This means that anyone with knowledge of this password can potentially gain unauthorized access to these printers. The CVSS score for this vulnerability is 7.4, indicating a high severity level. The vendor and product information is not specified in the description. The vulnerability was published on June 14, 2024, and is currently in the EARLY_WARNING status. The CWE (Common Weakness Enumeration) associated with this vulnerability is CWE-1392. There are several reference URLs provided for more information about this vulnerability, including links to the Japan Vulnerability Notes (JVN) website and Toshiba's official information page. The exploitability score is 1.4 and the impact score is 5.9. The CVSS (Common Vulnerability Scoring System) vector shows the different aspects of the vulnerability, such as the attack vector, attack complexity, and the impact on confidentiality, integrity, and availability. Overall, this vulnerability poses a significant risk to the security of Toshiba printers and should be addressed promptly by the vendor.

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree by allowing an attacker to easily gain unauthorized access to all Toshiba printers that share the hardcoded root password. With this access, the attacker could potentially launch further attacks such as installing malicious firmware or conducting reconnaissance on the network. This could lead to a variety of consequences including data theft, disruption of printing services, or even complete compromise of the network.


Generated on: 2024-07-05