Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities
A number of new vulnerabilities have been found in Toshiba e-STUDIO Multi-Function Printers (MFPs), which are used by companies and organizations worldwide.
These vulnerabilities affect 103 different models of Toshiba Multi-Function Printers.
Vulnerabilities identified include Remote Code Execution, XML External Entity Injection (XXE), Privilege Escalation, authentication credential leaks, DOM-based XSS, insecure permissions, TOCTOU (Time-Of-Check to Time-Of-Use) conditions, and many others.
Toshiba Multi-Function Printers
According to the reports shared with Cyber Security News, CVE-2024-27171 and CVE-2024-27180 affect the implementation of third-party software and also the third-party applications that are installed by default on Toshiba printers.
A threat actor can exploit Toshiba multi-function printers using several of these vulnerabilities. The list of affected Toshiba MFP models is as follows:
2021AC | 4528AG | 3515AC | 5018A | 3005AC | 3508LP |
2521AC | 5528A | 3615AC | 5118A | 3505AC | 4508LP |
2020AC | 6528A | 4515AC | 5516AC | 4505AC | 5008LP |
2520AC | 6526AC | 4615AC | 5616AC | 5005AC | |
2025NC | 6527AC | 5015AC | 6516AC | 2008A | |
2525AC | 7527AC | 5115AC | 6616AC | 2508A | |
3025AC | 6529A | 2018A | 7516AC | 3008A | |
3525AC | 7529A | 2518A | 7616AC | 3008AG | |
3525ACG | 9029A | 2618A | 5518A | 3508A | |
4525AC | 330AC | 3018A | 5618A | 3508AG | |
4525ACG | 400AC | 3118A | 6518A | 4508A | |
5525AC | 2010AC | 3018AG | 6618A | 4508AG | |
5525ACG | 2110AC | 3518A | 7518A | 5008A | |
6525AC | 2510AC | 3518AG | 7618A | 5506AC | |
6525ACG | 2610AC | 3618A | 8518A | 6506AC | |
2528A | 2015NC | 3618AG | 8618A | 7506AC | |
3028A | 2515AC | 4518A | 2000AC | 5508A | |
3528A | 2615AC | 4518AG | 2500AC | 6508A | |
3528AG | 3015AC | 4618A | 2005NC | 7508A | |
4528A | 3115AC | 4618AG | 2505AC | 8508A |
Moreover, it was also mentioned that the physical security of the printers was not analyzed, and the vulnerabilities were confirmed on several models running the latest firmware versions, such as
- e-STUDIO2010AC
- e-STUDIO3005AC
- e-STUDIO3508A
- e-STUDIO5018A
Further, all these printers run Linux and are powerful devices that could be leveraged by a threat actor to move laterally within an infrastructure.
40 vulnerabilities were reported to Toshiba, and important security advisories have been published to address them.
- CVE-2024-27141 – Pre-authenticated blind XML External Entity (XXE) injection – DoS
- CVE-2024-27142 – Pre-authenticated XXE injection
- CVE-2024-27143 – Pre-authenticated Remote Code Execution as root
- CVE-2024-27144 – Pre-authenticated Remote Code Execution as root or apache and multiple Local Privilege Escalations
  - 4.1. Remote Code Execution – upload of a new .py module inside WSGI Python packages
  - 4.2. Remote Code Execution – upload of new .ini configuration files inside WSGI Python packages
  - 4.3. Remote Code Execution – upload of a malicious script /tmp/backtraceScript.sh and injection of malicious gdb commands
  - 4.4. Remote Code Execution – upload of a malicious /home/SYSROM_SRC/build/common/bin/sapphost.py program
  - 4.5. Remote Code Execution – upload of malicious libraries
  - 4.6. Other ways to get Remote Code Execution
- CVE-2024-27145 – Multiple post-authenticated Remote Code Executions as root
- CVE-2024-27146 – Lack of privilege separation
- CVE-2024-27147 – Local Privilege Escalation and Remote Code Execution using snmpd
- CVE-2024-27148 – Local Privilege Escalation and Remote Code Execution using an insecure PATH
- CVE-2024-27149 – Local Privilege Escalation and Remote Code Execution using insecure LD_PRELOAD
- CVE-2024-27150 – Local Privilege Escalation and Remote Code Execution using insecure LD_LIBRARY_PATH
- CVE-2024-27151 – Local Privilege Escalation and Remote Code Execution using insecure permissions for 106 programs
  - 11.1. 3 vulnerable programs not running as root
  - 11.2. 103 vulnerable programs running as root
- CVE-2024-27152 – Local Privilege Escalation and Remote Code Execution using insecure permissions for libraries
  - 12.1. Example with /home/SYSROM_SRC/bin/syscallerr
- CVE-2024-27153 – Local Privilege Escalation and Remote Code Execution using CISSM
- CVE-2024-27154 and CVE-2024-27155 – Passwords stored in clear-text logs and insecure logs
  - 14.1. Clear-text password written to logs when a user logs into the printer
  - 14.2. Clear-text password written to logs when a password is changed
- CVE-2024-27156 – Leak of authentication sessions in insecure logs in the /ramdisk/work/log directory
- CVE-2024-27157 – Leak of authentication sessions in insecure logs in the /ramdisk/al/network/log directory
- CVE-2024-27158 – Hardcoded root password
- CVE-2024-27159 – Hardcoded password used to encrypt logs
- CVE-2024-27160 – Hardcoded password used to encrypt logs and use of a weak digest cipher
- CVE-2024-27161 – Hardcoded password used to encrypt files
- CVE-2024-27162 – DOM-based XSS present in the /js/TopAccessUtil.js file
- CVE-2024-27163 – Leak of admin password and passwords
- CVE-2024-27164 – Hardcoded credentials in telnetd
- CVE-2024-27165 – Local Privilege Escalation using PROCSUID
- CVE-2024-27166 – Insecure permissions for core files
- CVE-2024-27167 – Insecure permissions used for Sendmail – Local Privilege Escalation
- CVE-2024-27168 – Hardcoded keys found in Python applications used to generate authentication cookies
- CVE-2024-27169 – Lack of authentication in WebPanel – Local Privilege Escalation
- CVE-2024-27170 – Hardcoded credentials for WebDAV access
- CVE-2024-27171 – Insecure permissions
- CVE-2024-27172 – Remote Code Execution – command injection as root
- CVE-2024-27173 – Remote Code Execution – insecure upload
- CVE-2024-27174 – Remote Code Execution – insecure upload
- CVE-2024-27175 – Local File Inclusion
- CVE-2024-27176 – Remote Code Execution – insecure upload
- CVE-2024-27177 – Remote Code Execution – insecure upload
- CVE-2024-27178 – Remote Code Execution – insecure copy
- CVE-2024-27179 – Session disclosure inside the log files during the installation of applications
- CVE-2024-27180 – TOCTOU vulnerability in the installation of applications, allowing rogue applications to be installed and RCE to be obtained
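The loader-path and file-permission entries in the list (CVE-2024-27148 through CVE-2024-27152) all describe one class of local privilege escalation on a Linux appliance: a process running as root executes a program, loads a shared library, or honours a search path that an unprivileged local user is allowed to modify. The Python audit below is an added example, not code from the article, from Toshiba, or from the advisory's author; it walks a filesystem tree and inspects an environment for exactly those conditions, so an administrator or firmware reviewer can check a device image or a running system for the same class of weakness. The directory layout, file names and environment values it builds are constructed for the demonstration and stand in for no real printer paths.

```python
"""Audit a filesystem tree and an environment for the 'insecure permissions /
loader search path' class of local privilege escalation.

Added example (not from the article, Toshiba or the advisory). The sample
layout built by build_demo_tree() is constructed and is not a printer image.
"""
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    kind: str    # short category name, used as the key in run_demo()
    path: str    # file, directory or environment value that was flagged
    detail: str  # why it matters


def _is_shared_library(name: str) -> bool:
    return name.endswith(".so") or ".so." in name


def _world_writable(mode: int) -> bool:
    return bool(mode & stat.S_IWOTH)


def audit_files(root: str) -> List[Finding]:
    """Flag regular files under root that any local user may overwrite and that
    a privileged process might execute (programs) or map (shared libraries)."""
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or not _world_writable(st.st_mode):
                continue
            if _is_shared_library(name):
                findings.append(Finding("world_writable_library", path,
                                        "library can be replaced before a root process loads it"))
            elif st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                what = "setuid program" if st.st_mode & stat.S_ISUID else "executable"
                findings.append(Finding("world_writable_program", path,
                                        f"{what} can be replaced by any local user"))
    return findings


def audit_loader_env(env: Dict[str, str]) -> List[Finding]:
    """Flag PATH / LD_LIBRARY_PATH entries an unprivileged user controls, and any
    LD_PRELOAD value, in the environment a privileged process would inherit."""
    findings: List[Finding] = []
    for var in ("PATH", "LD_LIBRARY_PATH"):
        value = env.get(var)
        if value is None:
            continue
        for entry in value.split(os.pathsep):
            # An empty entry or "." resolves relative to the caller's cwd.
            if entry in ("", ".") or not os.path.isabs(entry):
                findings.append(Finding("relative_search_dir", entry or "(empty)",
                                        f"{var} entry resolves relative to the current directory"))
                continue
            if os.path.isdir(entry):
                mode = os.stat(entry).st_mode
                if _world_writable(mode) and not mode & stat.S_ISVTX:
                    findings.append(Finding("writable_search_dir", entry,
                                            f"{var} entry is world-writable without the sticky bit"))
    if env.get("LD_PRELOAD"):
        findings.append(Finding("preload_env", env["LD_PRELOAD"],
                                "LD_PRELOAD is honoured by every dynamically linked program started here"))
    return findings


def build_demo_tree() -> str:
    """Constructed sample layout: one safe tool, one weak program, one weak
    library, one world-writable data file (out of scope) and a writable dir."""
    root = tempfile.mkdtemp(prefix="mfp-audit-")
    layout = {
        "bin/safe_tool": 0o755,      # correct permissions, must not be flagged
        "bin/helper": 0o777,         # world-writable executable
        "lib/libsample.so": 0o666,   # world-writable shared library
        "etc/config.ini": 0o666,     # world-writable but neither executable nor a library
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n" if rel.startswith("bin/") else "")
        os.chmod(path, mode)
    for sub in ("bin", "lib", "etc"):
        os.chmod(os.path.join(root, sub), 0o755)   # fix dir modes regardless of umask
    scratch = os.path.join(root, "scratch")
    os.makedirs(scratch)
    os.chmod(scratch, 0o777)         # world-writable, no sticky bit
    return root


def run_demo() -> Dict[str, str]:
    """Run both audits over the constructed tree; map flagged path -> kind."""
    root = build_demo_tree()
    env = {
        "PATH": os.pathsep.join([os.path.join(root, "bin"), os.path.join(root, "scratch"), "."]),
        "LD_LIBRARY_PATH": os.path.join(root, "lib"),
        "LD_PRELOAD": "/placeholder/hook.so",   # constructed placeholder value
    }
    found = audit_files(root) + audit_loader_env(env)
    return {(os.path.relpath(f.path, root) if f.path.startswith(root) else f.path): f.kind
            for f in found}


if __name__ == "__main__":
    for path, kind in sorted(run_demo().items()):
        print(f"{kind:24} {path}")
```

On a real system the two functions would be pointed at the directories a root-owned service executes from (and at that service's environment, for example from /proc/PID/environ), and every finding is a candidate for the fix the advisory implies: remove write permission for others, set the sticky bit on shared scratch directories, and never let a privileged process inherit LD_PRELOAD or a relative search path.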
Users of these Toshiba products are advised to upgrade to the latest version as per Toshiba's security advisory to prevent these vulnerabilities from being exploited by threat actors.