CVERadar

CVE-2024-27144

Medium Severity

SVRS

30/100

CVSSv3

9.8/10

EPSS

0.00924/1

CVE-2024-27144: Toshiba printers are vulnerable to remote compromise via file upload vulnerabilities. This allows attackers to overwrite insecure files, leading to a local privilege escalation. The vulnerability allows both local and remote attackers to replace legitimate programs with malicious ones. While the CVSS score is 9.8, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a lower level of immediate threat despite the high CVSS. Exploitation is potentially complex, often requiring combination with other vulnerabilities. Despite the lower SVRS, organizations should monitor for related threats given the potential for significant privilege escalation. This CVE poses a risk of unauthorized system control and data compromise on affected Toshiba printer models.

TAGS

In The Wild

VECTOR STRING

CVSS:3.1

AV:N

AC:L

PR:N

UI:N

S:U

C:H

I:H

A:H

PUBLICATION DATE2024-06-14

LAST MODIFIED2025-02-13

SOCRadar

AI Insight

Description

CVE-2024-27144 is a critical vulnerability affecting Toshiba printers, allowing attackers to upload files without authentication and escalate privileges remotely. The SVRS of 30 indicates a moderate risk, highlighting the need for prompt attention.

Key Insights

Unrestricted File Upload: Attackers can upload malicious files to the printer's web interface, potentially compromising the device and its connected systems.
Local Privilege Escalation: The vulnerability enables attackers to gain elevated privileges on the printer, allowing them to execute arbitrary code and control the device.
Remote Exploitation: The vulnerability can be exploited remotely, allowing attackers to target printers from anywhere with internet access.

Mitigation Strategies

Apply Firmware Updates: Toshiba has released firmware updates to address this vulnerability. Install the latest updates as soon as possible.
Disable Unnecessary Services: Disable any unnecessary web services or ports on the printer to reduce the attack surface.
Implement Network Segmentation: Segment the printer network from other critical systems to limit the potential impact of an attack.
Monitor for Suspicious Activity: Regularly monitor printer logs and network traffic for any suspicious activity that may indicate an attack.

Additional Information

Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
Exploit Status: Active exploits have not been published.
CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
In the Wild: The vulnerability is not currently being actively exploited by hackers.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-27144 | Toshiba Tec e-Studio Multi-Function Peripheral path traversal

vuldb.com2024-07-04

CVE-2024-27144 | Toshiba Tec e-Studio Multi-Function Peripheral path traversal | A vulnerability, which was classified as very critical, was found in Toshiba Tec e-Studio Multi-Function Peripheral. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-27144. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected

cve-2024-27144

domains

urls

cves

Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities

Eswar2024-07-01

Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities | Several new vulnerabilities have been discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs) that are used by businesses and organizations worldwide. These vulnerabilities affect 103 different models of Toshiba Multi-Function Printers.  Vulnerabilities identified include Remote Code execution, XML External Entity Injection (XXE), Privilege Escalation, Authentication credential leak, DOM-based XSS, Insecure Permissions, TOCTOU (Time-Of-Check to Time-Of-Use) conditions, […] The post Toshiba Multi-Function Printers Impacted by 40

cve-2024-27180

cve-2024-27148

cve-2024-27156

cve-2024-27176

Social Media

CVE

@CVEnew

2024-06-14

CVE-2024-27144 The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshib… https://t.co/VESo3QCwnJ

CVEFind.com

@CveFindCom

2024-06-14

[CVE-2024-27144: CRITICAL] Toshiba printers have significant security vulnerabilities allowing unauthorized access and remote exploitation. Vulnerability details available at [link].#cybersecurity,#vulnerability https://t.co/LTd1cgA6Rj

Affected Software

No affected software found for this CVE

References

Reference	Link
ECC0F906-8666-484C-BCF8-C3B7520A72F0	https://jvn.jp/en/vu/JVNVU97136265/index.html
ECC0F906-8666-484C-BCF8-C3B7520A72F0	https://www.toshibatec.com/information/20240531_01.html
ECC0F906-8666-484C-BCF8-C3B7520A72F0	https://www.toshibatec.com/information/pdf/information20240531_01.pdf
ECC0F906-8666-484C-BCF8-C3B7520A72F0	http://seclists.org/fulldisclosure/2024/Jul/1
ECC0F906-8666-484C-BCF8-C3B7520A72F0	https://jvn.jp/en/vu/JVNVU97136265/index.html
ECC0F906-8666-484C-BCF8-C3B7520A72F0	https://www.toshibatec.com/information/20240531_01.html
ECC0F906-8666-484C-BCF8-C3B7520A72F0	https://www.toshibatec.com/information/pdf/information20240531_01.pdf
GITHUB	http://seclists.org/fulldisclosure/2024/Jul/1

CWE Details

CWE ID	CWE Name	Description
CWE-276	Incorrect Default Permissions	During installation, installed file permissions are set to allow anyone to modify those files.
CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence