Least Privilege Violation in Toshiba Hardware solutions

#VU92485 Least Privilege Violation in Toshiba Hardware solutions

Published: 2024-06-20

Vulnerability identifier: #VU92485

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27165

CWE-ID: CWE-272

Exploitation vector: Local

Exploit availability: No

Vendor: Toshiba

Description

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists due to least privilege violation. A local user can execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

e-STUDIO 2021AC FC-2021AC: All versions

e-STUDIO 2521AC FC-2521AC: All versions

e-STUDIO 2020AC FC-2020AC: All versions

e-STUDIO 2520AC FC-2520AC: All versions

e-STUDIO 2025NC FC-2025AC: All versions

e-STUDIO 2525AC FC-2525AC: All versions

e-STUDIO 3025AC FC-3025AC: All versions

e-STUDIO 3525AC FC-3525AC: All versions

e-STUDIO 3525ACG FC-3525ACG: All versions

e-STUDIO 4525AC FC-4525AC: All versions

e-STUDIO 4525ACG FC-4525ACG: All versions

e-STUDIO 5525AC FC-5525AC: All versions

e-STUDIO 5525ACG FC-5525ACG: All versions

e-STUDIO 6525AC FC-6525AC: All versions

e-STUDIO 6525ACG FC-6525ACG: All versions

e-STUDIO 2528A DP-2528A: All versions

e-STUDIO 3028A DP-3028A: All versions

e-STUDIO 3528A DP-3528A: All versions

e-STUDIO 3528AG DP-3528AG: All versions

e-STUDIO 4528A DP-4528A: All versions

e-STUDIO 4528AG DP-4528AG: All versions

e-STUDIO 5528A DP-5528A: All versions

e-STUDIO 6528A DP-6528A: All versions

e-STUDIO 6526AC FC-6526AC: All versions

e-STUDIO 6527AC FC-6527AC: All versions

e-STUDIO 7527AC FC-7527AC: All versions

e-STUDIO 6529A DP-6529A: All versions

e-STUDIO 7529A DP-7529A: All versions

e-STUDIO 9029A DP-9029A: All versions

e-STUDIO 330AC FC-330AC: All versions

e-STUDIO 400AC FC-400AC: All versions

e-STUDIO 2010AC FC-2010AC: All versions

e-STUDIO 2110AC FC-2110AC: All versions

e-STUDIO 2510AC FC-2510AC: All versions

e-STUDIO 2610AC FC-2610AC: All versions

e-STUDIO 2015NC FC-2015AC: All versions

e-STUDIO 2515AC FC-2515AC: All versions

e-STUDIO 2615AC FC-2615AC: All versions

e-STUDIO 3015AC FC-3015AC: All versions

e-STUDIO 3115AC FC-3115AC: All versions

e-STUDIO 3515AC FC-3515AC: All versions

e-STUDIO 3615AC FC-3615AC: All versions

e-STUDIO 4515AC FC-4515AC: All versions

e-STUDIO 4615AC FC-4615AC: All versions

e-STUDIO 5015AC FC-5015AC: All versions

e-STUDIO 5115AC FC-5115AC: All versions

e-STUDIO 2018A DP-2018A: All versions

e-STUDIO 2518A DP-2518A: All versions

e-STUDIO 2618A DP-2618A: All versions

e-STUDIO 3018A DP-3018A: All versions

e-STUDIO 3118A DP-3118A: All versions

e-STUDIO 3018AG DP-3018AG: All versions

e-STUDIO 3518A DP-3518A: All versions

e-STUDIO 3518AG DP-3518AG: All versions

e-STUDIO 3618A DP-3618A: All versions

e-STUDIO 3618AG DP-3618AG: All versions

e-STUDIO 4518A DP-4518A: All versions

e-STUDIO 4518AG DP-4518AG: All versions

e-STUDIO 4618A DP-4618A: All versions

e-STUDIO 4618AG DP-4618AG: All versions

e-STUDIO 5018A DP-5018A: All versions

e-STUDIO 5118A DP-5118A: All versions

e-STUDIO 5516AC FC-5516AC: All versions

e-STUDIO 5616AC FC-5616AC: All versions

e-STUDIO 6516AC FC-6516AC: All versions

e-STUDIO 6616AC FC-6616AC: All versions

e-STUDIO 7516AC FC-7516AC: All versions

e-STUDIO 7616AC FC-7616AC: All versions

e-STUDIO 5518A DP-5518A: All versions

e-STUDIO 5618A DP-5618A: All versions

e-STUDIO 6518A DP-6518A: All versions

e-STUDIO 6618A DP-6618A: All versions

e-STUDIO 7518A DP-7518A: All versions

e-STUDIO 7618A DP-7618A: All versions

e-STUDIO 8518A DP-8518A: All versions

e-STUDIO 8618A DP-8618A: All versions

e-STUDIO 2000AC FC-2000AC: All versions

e-STUDIO 2500AC FC-2500AC: All versions

e-STUDIO 2005NC FC-2005AC: All versions

e-STUDIO 2505AC FC-2005AC: All versions

e-STUDIO 3005AC FC-2005AC: All versions

e-STUDIO 3505AC FC-2005AC: All versions

e-STUDIO 4505AC FC-2005AC: All versions

e-STUDIO 5005AC FC-2005AC: All versions

e-STUDIO 2008A DP-2008A: All versions

e-STUDIO 2508A DP-2508A: All versions

e-STUDIO 3008A DP-3008A: All versions

e-STUDIO 3008AG DP-3008AG: All versions

e-STUDIO 3508A DP-3508A: All versions

e-STUDIO 3508AG DP-3508AG: All versions

e-STUDIO 4508A DP-4508A: All versions

e-STUDIO 4508AG DP-4508AG: All versions

e-STUDIO 5008A DP-5008A: All versions

e-STUDIO 5506AC FC-5506AC: All versions

e-STUDIO 6506AC FC-6506AC: All versions

e-STUDIO 7506AC FC-7506AC: All versions

e-STUDIO 5508A DP-5508A: All versions

e-STUDIO 6508A DP-6508A: All versions

e-STUDIO 7508A DP-7508A: All versions

e-STUDIO 8508A DP-8508A: All versions

e-STUDIO 3508LP DP-3535: All versions

e-STUDIO 4508LP DP-4535: All versions

e-STUDIO 5008LP DP-5035: All versions

External links
http://jvn.jp/en/vu/JVNVU97136265/index.html
http://www.toshibatec.com/information/20240531_01.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Oki Electric Industry MFPs

Multiple vulnerabilities in Toshiba Tec MFPs