CVE-2024-3498

Published: Jun 14, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: ecc0f906-8666-484c-bcf8-c3b7520a72f0 (Secondary)

Description

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL.

Related CWEs

CWE-250

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References (6)

https://jvn.jp/en/vu/JVNVU97136265/index.html

Source: ecc0f906-8666-484c-bcf8-c3b7520a72f0

https://www.toshibatec.com/information/20240531_01.html

Source: ecc0f906-8666-484c-bcf8-c3b7520a72f0

https://www.toshibatec.com/information/pdf/information20240531_01.pdf

Source: ecc0f906-8666-484c-bcf8-c3b7520a72f0

https://jvn.jp/en/vu/JVNVU97136265/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.toshibatec.com/information/20240531_01.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.toshibatec.com/information/pdf/information20240531_01.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.