Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Several new vulnerabilities have been discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs) that are used by businesses and organizations worldwide.
These vulnerabilities affect 103 different models of Toshiba Multi-Function Printers.
Vulnerabilities identified include Remote Code execution, XML External Entity Injection (XXE), Privilege Escalation, Authentication credential leak, DOM-based XSS, Insecure Permissions, TOCTOU (Time-Of-Check to Time-Of-Use) conditions, and many others.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
Toshiba Multi-Function Printers
According to the reports shared with Cyber Security News, CVE-2024-27171 and CVE-2024-27180 affect the implementation of third-party application systems and also the third-party applications that are installed by default on Toshiba Printers.
A threat actor can exploit Toshiba Multi-function printers using multiple vulnerabilities. The list of Affected Toshiba MFP models is as follows:
2021AC4528AG3515AC5018A3005AC3508LP2521AC5528A3615AC5118A3505AC4508LP2020AC6528A4515AC5516AC4505AC5008LP2520AC6526AC4615AC5616AC5005AC 2025NC6527AC5015AC6516AC2008A 2525AC7527AC5115AC6616AC2508A 3025AC6529A2018A7516AC3008A 3525AC7529A2518A7616AC3008AG 3525ACG9029A2618A5518A3508A 4525AC330AC3018A5618A3508AG 4525ACG400AC3118A6518A4508A 5525AC2010AC3018AG6618A4508AG 5525ACG2110AC3518A7518A5008A 6525AC2510AC3518AG7618A5506AC 6525ACG2610AC3618A8518A6506AC 2528A2015NC3618AG8618A7506AC 3028A2515AC4518A2000AC5508A 3528A2615AC4518AG2500AC6508A 3528AG3015AC4618A2005NC7508A 4528A3115AC4618AG2505AC8508A
Additionally, it was also mentioned that the physical security of the printers was not analyzed, and the vulnerabilities have been confirmed in different models that run the latest firmware versions, such as
Further, all these printers run in Linux and are powerful and can be leveraged by a threat actor to move laterally inside infrastructures.
40 vulnerabilities were reported to Toshiba, and necessary security advisories have been published to address these vulnerabilities.
Users of these Toshiba products are recommended to upgrade to the latest version as per Toshiba’s security advisory to prevent these vulnerabilities from getting exploited by threat actors.
#Cyber_Security_News #Endpoint_Security #Exploit #Vulnerability #cyber_security #Multi-Function_Printers #Toshiba #Vulnerabilities
Оригинальная версия на сайте:
Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities
Author: EswarSeveral new vulnerabilities have been discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs) that are used by businesses and organizations worldwide.
These vulnerabilities affect 103 different models of Toshiba Multi-Function Printers.
Vulnerabilities identified include Remote Code execution, XML External Entity Injection (XXE), Privilege Escalation, Authentication credential leak, DOM-based XSS, Insecure Permissions, TOCTOU (Time-Of-Check to Time-Of-Use) conditions, and many others.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
Toshiba Multi-Function Printers
According to the reports shared with Cyber Security News, CVE-2024-27171 and CVE-2024-27180 affect the implementation of third-party application systems and also the third-party applications that are installed by default on Toshiba Printers.
A threat actor can exploit Toshiba Multi-function printers using multiple vulnerabilities. The list of Affected Toshiba MFP models is as follows:
2021AC4528AG3515AC5018A3005AC3508LP2521AC5528A3615AC5118A3505AC4508LP2020AC6528A4515AC5516AC4505AC5008LP2520AC6526AC4615AC5616AC5005AC 2025NC6527AC5015AC6516AC2008A 2525AC7527AC5115AC6616AC2508A 3025AC6529A2018A7516AC3008A 3525AC7529A2518A7616AC3008AG 3525ACG9029A2618A5518A3508A 4525AC330AC3018A5618A3508AG 4525ACG400AC3118A6518A4508A 5525AC2010AC3018AG6618A4508AG 5525ACG2110AC3518A7518A5008A 6525AC2510AC3518AG7618A5506AC 6525ACG2610AC3618A8518A6506AC 2528A2015NC3618AG8618A7506AC 3028A2515AC4518A2000AC5508A 3528A2615AC4518AG2500AC6508A 3528AG3015AC4618A2005NC7508A 4528A3115AC4618AG2505AC8508A
Additionally, it was also mentioned that the physical security of the printers was not analyzed, and the vulnerabilities have been confirmed in different models that run the latest firmware versions, such as
- e-STUDIO2010AC
- e-STUDIO3005AC
- e-STUDIO3508A
- e-STUDIO5018A
Further, all these printers run in Linux and are powerful and can be leveraged by a threat actor to move laterally inside infrastructures.
40 vulnerabilities were reported to Toshiba, and necessary security advisories have been published to address these vulnerabilities.
- CVE-2024-27141 – Pre-authenticated Blind XML External Entity (XXE) injection – DoS
- CVE-2024-27142 – Pre-authenticated XXE injection
- CVE-2024-27143 – Pre-authenticated Remote Code Execution as root
- CVE-2024-27144 – Pre-authenticated Remote Code Execution as root or apache and multiple Local Privilege Escalations
4.1. Remote Code Execution – Upload of a new .py module inside WSGI Python programs
4.2. Remote Code Execution – Upload of a new .ini configuration files inside WSGI Python programs
4.3. Remote Code Execution – Upload of a malicious script /tmp/backtraceScript.sh and injection of malicious gdb commands
4.4. Remote Code Execution – Upload of a malicious /home/SYSROM_SRC/build/common/bin/sapphost.py program
4.5. Remote Code Execution – Upload of malicious libraries
4.6. Other ways to get Remote Code Execution - CVE-2024-27145 – Multiple Post-authenticated Remote Code Executions as root
- CVE-2024-27146 – Lack of privileges separation
- CVE-2024-27147 – Local Privilege Escalation and Remote Code Execution using snmpd
- CVE-2024-27148 – Local Privilege Escalation and Remote Code Execution using insecure PATH
- CVE-2024-27149 – Local Privilege Escalation and Remote Code Execution using insecure LD_PRELOAD
- CVE-2024-27150 – Local Privilege Escalation and Remote Code Execution using insecure LD_LIBRARY_PATH
- CVE-2024-27151 – Local Privilege Escalation and Remote Code Execution using insecure permissions for 106 programs
11.1. 3 vulnerable programs not running as root
11.2. 103 vulnerable programs running as root - CVE-2024-27152 – Local Privilege Escalation and Remote Code Execution using insecure permissions for libraries
12.1. Example with /home/SYSROM_SRC/bin/syscallerr - CVE-2024-27153 – Local Privilege Escalation and Remote Code Execution using CISSM
- CVE-2024-27154 and CVE-2024-27155 – Passwords stored in clear-text logs and insecure logs
14.1. Clear-text password written in logs when an user logs into the printer
14.2. Clear-text password written in logs when a password is modified - CVE-2024-27156 – Leak of authentication sessions in insecure logs in /ramdisk/work/log directory
- CVE-2024-27157 – Leak of authentication sessions in insecure logs in /ramdisk/al/network/log directory
- CVE-2024-27158 – Hardcoded root password
- CVE-2024-27159 – Hardcoded password used to encrypt logs
- CVE-2024-27160 – Hardcoded password used to encrypt logs and use of a weak digest cipher
- CVE-2024-27161 – Hardcoded password used to encrypt files
- CVE-2024-27162 – DOM-based XSS present in the /js/TopAccessUtil.js file
- CVE-2024-27163 – Leak of admin password and passwords
- CVE-2024-27164 – Hardcoded credentials in telnetd
- CVE-2024-27165 – Local Privilege Escalation using PROCSUID
- CVE-2024-27166 – Insecure permissions for core files
- CVE-2024-27167 – Insecure permissions used for Sendmail – Local Privilege Escalation
- CVE-2024-27168 – Hardcoded keys found in Python applications used to generate authentication cookies
- CVE-2024-27169 – Lack of authentication in WebPanel – Local Privilege Escalation
- CVE-2024-27170 – Hardcoded credentials for WebDAV access
- CVE-2024-27171 – Insecure permissions
- CVE-2024-27172 – Remote Code Execution – command injection as root
- CVE-2024-27173 – Remote Code Execution – insecure upload
- CVE-2024-27174 – Remote Code Execution – insecure upload
- CVE-2024-27175 – Local File Inclusion
- CVE-2024-27176 – Remote Code Execution – insecure upload
- CVE-2024-27177 – Remote Code Execution – insecure upload
- CVE-2024-27178 – Remote Code Execution – insecure copy
- CVE-2024-27179 – Session disclosure inside the log files in the installation of applications
- CVE-2024-27180 – TOCTOU vulnerability in the installation of applications, allowing to install rogue applications and get RCE
Users of these Toshiba products are recommended to upgrade to the latest version as per Toshiba’s security advisory to prevent these vulnerabilities from getting exploited by threat actors.
#Cyber_Security_News #Endpoint_Security #Exploit #Vulnerability #cyber_security #Multi-Function_Printers #Toshiba #Vulnerabilities
Оригинальная версия на сайте:
