Relative Path Traversal (CWE-23)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unzip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root.
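The pattern the advisory describes, an unzip routine that uses attacker-supplied entry names in file operations without validating them, is the classic "zip slip" form of CWE-23. The following is an added illustrative example, not code from Toshiba or from the ZDI advisory, and it makes no claim about how the e-STUDIO unzip method is actually implemented. It builds a constructed archive in memory containing an entry named `../escaped.txt`, shows a naive extractor writing it outside the extraction root, and shows a hardened extractor that resolves every entry beneath the root and fails closed before the first write.

```python
"""Zip-slip (CWE-23) in an archive extractor: naive vs. hardened.

Added illustrative example, not code from Toshiba or from the ZDI advisory;
it makes no claim about how the e-STUDIO unzip method is implemented.
The archive and its entry names are constructed here for the demonstration.
"""
import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Constructed sample archive: one benign entry plus one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/settings.xml", "<settings/>")
        # The entry name is attacker-controlled and stored verbatim in the zip.
        zf.writestr("../escaped.txt", "written outside the extraction root")
    return buf.getvalue()


def unzip_naive(data: bytes, dest: str) -> list[str]:
    """Vulnerable pattern: the entry name is joined onto dest and used in
    file operations with no validation, so '../' walks out of dest."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def resolve_under(root: str, name: str) -> str:
    """Resolve name beneath root; raise if the real path escapes root.
    Catches '../' sequences, absolute names and symlinked parents alike."""
    real_root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(real_root, name))
    if os.path.commonpath([real_root, target]) != real_root:
        raise ValueError(f"path traversal rejected: {name!r}")
    return target


def is_safe_entry(root: str, name: str) -> bool:
    """Boolean form of resolve_under, for pre-flight checks."""
    try:
        resolve_under(root, name)
        return True
    except ValueError:
        return False


def unzip_safe(data: bytes, dest: str) -> list[str]:
    """Hardened: validate every entry path first, then write. Failing closed
    before the first write means a bad archive leaves nothing behind."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        targets = [(info, resolve_under(dest, info.filename)) for info in zf.infolist()]
        written = []
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors against the constructed archive inside a scratch
    directory (so the 'escape' lands in the scratch dir, not on the host)."""
    data = build_malicious_zip()
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        root = os.path.join(tmp, "extract")
        os.makedirs(root)
        escaped = [
            os.path.relpath(p, tmp)
            for p in unzip_naive(data, root)
            if os.path.commonpath([root, p]) != root
        ]
        try:
            unzip_safe(data, root)
            rejected = False
        except ValueError:
            rejected = True
        return {"naive_escaped": escaped, "safe_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The naive extractor deliberately uses `open()` on the joined path rather than `ZipFile.extractall()`, because Python's `extractall` already strips `..` components and absolute prefixes from entry names; the vulnerable behaviour only appears when code builds its own paths, which is exactly the situation the advisory describes. The hardened version validates all entries before touching disk, so a rejected archive cannot leave a half-extracted payload behind. Symlink entries inside the archive are a separate hardening concern this example does not cover.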
Because the code runs as root, a network-adjacent attacker gains full control of the device: the printer configuration can be modified, malicious firmware updates uploaded, or malicious web content injected so that it is rendered in the printer's web interface when legitimate users access it. The CVSS v3.1 base score is 8.8 (High), with the impact on confidentiality, integrity and availability each rated HIGH.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation in the wild at the moment.
Toshiba has issued an update to correct this vulnerability. More details can be found at: https://www.toshibatec.com/information/20240531_01.html
Until the update has been applied, restrict network access to the printer's web interface and services from untrusted networks, and, following the principle of least privilege, allow only authorized systems and users to reach the printer's management interfaces.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Feedly found the first article mentioning CVE-2024-3497.
Feedly estimated the CVSS score as MEDIUM
NVD published the first details for CVE-2024-3497
A CVSS base score of 8.8 has been assigned.
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.05% (Percentile: 15.5%)