Description

Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference URL.

Classification

Assigner: ecc0f906-8666-484c-bcf8-c3b7520a72f0

CWE: CWE-259

Links
CPEs
  • toshiba printer -

CVSS

CVSS version: 3.1
Base score: 7.1
Base severity: HIGH
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploitability score: 2.5
Impact score: 4.0

Can you explain the CVE description?

This CVE description is for a vulnerability identified as CVE-2024-27164, which affects Toshiba printers. The vulnerability involves the presence of hardcoded credentials in the printers, which could potentially be exploited by attackers to gain unauthorized access to the devices. The CVSS score for this vulnerability is 7.1, indicating a high severity level. The description advises users to refer to specific URLs provided for more information on the affected products, models, and versions. The vulnerability was published on June 14, 2024, and is classified as an EARLY_WARNING issue. The Common Weakness Enumeration (CWE) associated with this vulnerability is CWE-259. Several URLs are provided for reference, including links to the Japan Vulnerability Notes (JVN) website and official Toshiba announcements regarding the vulnerability. The CVSS vector details the attack complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact. The base severity of this vulnerability is rated as HIGH, with an exploitability score of 2.5 and an impact score of 4.0. The vulnerability was last modified on June 14, 2024, and the assigner of the CVE identifier is identified as ecc0f906-8666-484c-bcf8-c3b7520a72f0.

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree when an attacker leverages the hardcoded credentials in Toshiba printers to gain unauthorized access to a printer's settings or network. The attacker could potentially use the hardcoded credentials to log in to the printer's administrative interface and make malicious configuration changes, install unauthorized firmware or software, or launch further attacks within the network. By exploiting this vulnerability, the attacker could compromise the confidentiality, integrity, and availability of the printer and potentially the entire network it is connected to. This could lead to data theft, disruption of services, or even complete network takeover by the attacker.


Generated on: 2024-07-05