CVE-2024-3497 - OpenCVE

Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://jvn.jp/en/vu/JVNVU97136265/index.html
https://www.toshibatec.com/information/20240531_01.html
https://www.toshibatec.com/information/pdf/information20240531_01.pdf

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Toshiba

Published: 2024-06-14T04:17:56.164Z

Updated: 2024-06-14T19:56:02.352Z

Reserved: 2024-04-09T00:59:38.974Z

Link: CVE-2024-3497

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-06-14T05:15:48.953

Modified: 2024-06-17T12:42:04.623

Link: CVE-2024-3497

JSON object: View

Redhat Information

No data.

CWE

CWE-23

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3497", "assignerOrgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0", "state": "PUBLISHED", "assignerShortName": "Toshiba", "dateReserved": "2024-04-09T00:59:38.974Z", "datePublished": "2024-06-14T04:17:56.164Z", "dateUpdated": "2024-06-14T19:56:02.352Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Toshiba Tec e-Studio multi-function peripheral (MFP)", "vendor": "Toshiba Tec Corporation", "versions": [{"status": "affected", "version": "see the reference URL"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "If user authentication is disabled.<br>"}], "value": "If user authentication is disabled."}], "credits": [{"lang": "en", "type": "finder", "value": "We expresses its gratitude to Zhenhua Huang, Harry Zhang and Minmin Li for reporting relevant security vulnerabilities for our products."}], "datePublic": "2024-06-14T02:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL."}], "value": "Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We are not aware of any malicious exploitation by these vulnerabilities.<br>"}], "value": "We are not aware of any malicious exploitation by these vulnerabilities."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0", "shortName": "Toshiba", "dateUpdated": "2024-06-14T04:17:56.164Z"}, "references": [{"url": "https://www.toshibatec.com/information/20240531_01.html"}, {"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"}, {"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.<br>"}], "value": "This issue is fixed in the version released on June 14, 2024 and all later versions."}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2024-06-14T02:00:00.000Z", "value": "Fixes will be released"}], "title": "Directory Traversal Remote Code Execution Vulnerability", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.<br>"}], "value": "When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "toshibatec", "product": "e-studio-2521_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2521_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2020_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2020_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2520_nc", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2520_nc:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2021_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2021_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2525_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2525_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3025_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3025_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3525_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3525_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3525_acg", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3525_acg:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-4525_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-4525_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-5525_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-5525_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-5525_acg", "cpes": ["cpe:2.3:h:toshibatec:e-studio-5525_acg:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-6525_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-6525_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-6525_acg", "cpes": ["cpe:2.3:h:toshibatec:e-studio-6525_acg:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2528-a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2528-a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3028-a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3028-a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3528-a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3528-a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3528-ag", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3528-ag:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-4528-a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-4528-a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-4528-ag", "cpes": ["cpe:2.3:h:toshibatec:e-studio-4528-ag:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-5528-a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-5528-a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-6528-a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-6528-a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-6526-ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-6526-ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-6527-ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-6527-ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-7527-ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-7527-ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-6529-a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-6529-a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-7529-a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-7529-a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-9029-a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-9029-a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-330-ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-330-ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-400-ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-400-ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2010-ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2010-ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2110-ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2110-ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2510-ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2510-ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2610-ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2610-ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2015-nc", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2015-nc:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2515-nc", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2515-nc:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2615-nc", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2615-nc:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3015-nc", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3015-nc:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3115-nc", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3115-nc:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3515-nc", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3515-nc:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3615-nc", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3615-nc:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-4515_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-4515_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-4615_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-4615_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-5015_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-5015_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-5115_ac", "cpes": ["cpe:2.3:h:toshibatec:e-studio-5115_ac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2018_a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2018_a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2518_a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2518_a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-2618_a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-2618_a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3018_a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3018_a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3118_a", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3118_a:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "toshibatec", "product": "e-studio-3118_ag", "cpes": ["cpe:2.3:h:toshibatec:e-studio-3118_ag:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-14T16:45:32.781620Z", "id": "CVE-2024-3497", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-14T19:56:02.352Z"}}]}}