CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-27145

Medium Severity
SVRS
30/100
CVSSv3
9.8/10
EPSS
0.00461/1

CVE-2024-27145 allows remote attackers to compromise Toshiba printers by exploiting file upload vulnerabilities in the admin web interface. This critical vulnerability enables attackers to overwrite insecure files, potentially gaining unauthorized access and control. Although difficult to exploit alone, its impact increases when combined with other vulnerabilities. The Toshiba printers are at risk.

While the CVSS score is high (9.8), SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a relatively lower immediate threat level based on the current threat landscape, nonetheless, remediation should be performed. This discrepancy suggests that while the technical impact is significant, active exploitation in the wild might be limited, or the associated threat actors are not actively targeting this vulnerability yet. Ignoring this vulnerability could lead to severe security breaches. Organizations using Toshiba printers should promptly investigate and apply necessary patches or mitigation measures.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-06-14
LAST MODIFIED2025-02-13
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-27145 is a critical vulnerability in Toshiba printers that allows remote attackers to compromise and overwrite insecure files. The vulnerability has a CVSS score of 9.8, indicating its high severity. However, the 'SOCRadar Vulnerability Risk Score' (SVRS) is 30, suggesting that the vulnerability is less severe than the CVSS score indicates. This is because the SVRS considers additional factors, such as social media chatter, news reports, and dark web data, which indicate that the vulnerability is not being actively exploited.

Key Insights

  • Remote Exploitation: Attackers can exploit this vulnerability remotely, allowing them to compromise printers without physical access.
  • File Overwriting: Attackers can overwrite insecure files on the printer, potentially leading to data loss or system damage.
  • Limited Exploitability: The vulnerability is difficult to execute alone and requires combination with other vulnerabilities.

Mitigation Strategies

  • Update Firmware: Toshiba has released firmware updates to address this vulnerability. Users should apply these updates as soon as possible.
  • Disable File Upload: If possible, disable file upload functionality on the printer's web interface.
  • Restrict Access: Limit access to the printer's web interface to authorized users only.
  • Monitor for Suspicious Activity: Monitor the printer for any suspicious activity, such as unauthorized file uploads or changes to system files.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: No active exploits have been published for this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: This vulnerability is not currently being exploited in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-27145 | Toshiba Tec e-Studio Multi-Function Peripheral Admin Web Interface path traversal
vuldb.com2024-07-04
CVE-2024-27145 | Toshiba Tec e-Studio Multi-Function Peripheral Admin Web Interface path traversal | A vulnerability classified as critical was found in Toshiba Tec e-Studio Multi-Function Peripheral. Affected by this vulnerability is an unknown functionality of the component Admin Web Interface. The manipulation leads to path traversal. This vulnerability is known as CVE-2024-27145. The attack can be launched remotely
cve-2024-27145
domains
urls
cves
Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities
Eswar2024-07-01
Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities | Several new vulnerabilities have been discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs) that are used by businesses and organizations worldwide. These vulnerabilities affect 103 different models of Toshiba Multi-Function Printers.  Vulnerabilities identified include Remote Code execution, XML External Entity Injection (XXE), Privilege Escalation, Authentication credential leak, DOM-based XSS, Insecure Permissions, TOCTOU (Time-Of-Check to Time-Of-Use) conditions, […] The post Toshiba Multi-Function Printers Impacted by 40
cve-2024-27180
cve-2024-27148
cve-2024-27156
cve-2024-27176

Social Media

CVE-2024-27145 The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can over… https://t.co/0JVl7kI78F
0
0
0
[CVE-2024-27145: CRITICAL] Toshiba printers face a remote compromise risk. Attackers can overwrite files easily, affecting various models/versions. For more info, contact the provided link.#cybersecurity,#vulnerability https://t.co/2R6YdoIBSt
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
ECC0F906-8666-484C-BCF8-C3B7520A72F0https://jvn.jp/en/vu/JVNVU97136265/index.html
ECC0F906-8666-484C-BCF8-C3B7520A72F0https://www.toshibatec.com/information/20240531_01.html
ECC0F906-8666-484C-BCF8-C3B7520A72F0https://www.toshibatec.com/information/pdf/information20240531_01.pdf
ECC0F906-8666-484C-BCF8-C3B7520A72F0http://seclists.org/fulldisclosure/2024/Jul/1
ECC0F906-8666-484C-BCF8-C3B7520A72F0https://jvn.jp/en/vu/JVNVU97136265/index.html
ECC0F906-8666-484C-BCF8-C3B7520A72F0https://www.toshibatec.com/information/20240531_01.html
ECC0F906-8666-484C-BCF8-C3B7520A72F0https://www.toshibatec.com/information/pdf/information20240531_01.pdf
GITHUBhttp://seclists.org/fulldisclosure/2024/Jul/1

CWE Details

CWE IDCWE NameDescription
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence