https://www.toshibatec.com/information/20240531_01.html <br/></td> CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"/>https://www.toshibatec.com/information/20240531_01.html <br/></td> CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"/>

Exploit
CVE-2024-3497

Relative Path Traversal (CWE-23)

Published: Jun 14, 2024 / Updated: 5mo ago

010
CVSS 8.8EPSS 0.05%High
CVE info copied to clipboard

Summary

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the unzip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root.

Impact

This vulnerability could allow an attacker to modify printer configurations, upload malicious firmware updates, or insert malicious web content that gets rendered on the printer's web interface when accessed by legitimate users. The impacts include violating the confidentiality, integrity and availability of the printer. The vulnerability has a CVSS v3 base score of 8.8, indicating a high severity. The impact on confidentiality, integrity, and availability is rated as HIGH.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.

Patch

Toshiba has issued an update to correct this vulnerability. More details can be found at: https://www.toshibatec.com/information/20240531_01.html

Mitigation

Until patched versions are available, restrict network access to the printer's web interface and services from untrusted networks. Apply principle of least privilege and allow only authorized systems/users to access printer management interfaces.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-3497. See article

Jun 14, 2024 at 3:20 AM / <object object at 0x7e3db861e530>
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jun 14, 2024 at 4:33 AM
CVE Assignment

NVD published the first details for CVE-2024-3497

Jun 14, 2024 at 5:15 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Jun 14, 2024 at 5:20 AM / nvd
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jun 14, 2024 at 5:36 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 15.5%)

Jun 14, 2024 at 10:05 AM
Static CVE Timeline Graph

Affected Systems

Toshiba
+null more

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-814/
+null more

Attack Patterns

CAPEC-139: Relative Path Traversal
+null more

Vendor Advisory

ZDI-24-814: Toshiba e-STUDIO2518A unzip Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. An attacker can leverage this vulnerability to execute code in the context of root.

News

Activity Timeline - IBM X-Force Exchange
Toshiba Tec and Oki Electric Industry MFPs (multifunction printers) directory traversal (CVE-2024-3497), Jun 13, 2024. 8.8, VUL, New vulnerability
Multiple vulnerabilities in Toshiba Tec MFPs
Security Bulletin 19 June 2024 - Cyber Security Agency of Singapore
Security Bulletin 19 June 2024 Cyber Security Agency of Singapore
ZDI-24-814: Toshiba e-STUDIO2518A unzip Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Toshiba e-STUDIO2518A printers. An attacker can leverage this vulnerability to execute code in the context of root.
Toshiba Tec Identifies More MFP Vulnerabilities
A vulnerable code set is used in part of the internal program code of the multifunction device, and information can be stolen by a third party who has access to the multifunction device. There is a cross-site scripting vulnerability in the web management program (TopAccess), which allows information to be stolen by a third party who has access to the multifunction device.
See 9 more articles and social media posts

CVSS V3.1

Attack Vector:Adjacent_network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI