Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities

Plenty of modern vulnerabilities were found in Toshiba e-STUDIO Multi-Aim Printers (MFPs) which would maybe be used by companies and organizations worldwide.

These vulnerabilities affect 103 varied objects of Toshiba Multi-Aim Printers.

Vulnerabilities acknowledged include Distant Code execution, XML Exterior Entity Injection (XXE), Privilege Escalation, Authentication credential leak, DOM-primarily based mostly XSS, Tremulous Permissions, TOCTOU (Time-Of-Test to Time-Of-Employ) conditions, and a good deal of others.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

Toshiba Multi-Aim Printers

In accordance with the studies shared with Cyber Safety Files, CVE-2024-27171 and CVE-2024-27180 affect the implementation of third-birthday party application systems and also the third-birthday party applications which would maybe be keep in by default on Toshiba Printers.

A threat actor can exploit Toshiba Multi-feature printers the use of a pair of vulnerabilities. The list of Affected Toshiba MFP objects is as follows:

Furthermore, it became also mentioned that the bodily security of the printers became now not analyzed, and the vulnerabilities were confirmed in varied objects that chase basically the most traditional firmware variations, equivalent to

• e-STUDIO2010AC
• e-STUDIO3005AC
• e-STUDIO3508A
• e-STUDIO5018A

Extra, all these printers chase in Linux and are highly effective and is also leveraged by a threat actor to circulation laterally internal infrastructures.

40 vulnerabilities were reported to Toshiba, and indispensable security advisories were published to tackle these vulnerabilities.

1. CVE-2024-27141 – Pre-authenticated Blind XML Exterior Entity (XXE) injection – DoS
2. CVE-2024-27142 – Pre-authenticated XXE injection
3. CVE-2024-27143 – Pre-authenticated Distant Code Execution as root
4. CVE-2024-27144 – Pre-authenticated Distant Code Execution as root or apache and a pair of Local Privilege Escalations
   4.1. Distant Code Execution – Upload of a modern .py module internal WSGI Python applications
   4.2. Distant Code Execution – Upload of a modern .ini configuration files internal WSGI Python applications
   4.3. Distant Code Execution – Upload of a malicious script /tmp/backtraceScript.sh and injection of malicious gdb commands
   4.4. Distant Code Execution – Upload of a malicious /home/SYSROM_SRC/make/accepted/bin/sapphost.py program
   4.5. Distant Code Execution – Upload of malicious libraries
   4.6. Assorted ways to win Distant Code Execution
5. CVE-2024-27145 – Plenty of Submit-authenticated Distant Code Executions as root
6. CVE-2024-27146 – Lack of privileges separation
7. CVE-2024-27147 – Local Privilege Escalation and Distant Code Execution the use of snmpd
8. CVE-2024-27148 – Local Privilege Escalation and Distant Code Execution the use of nervous PATH
9. CVE-2024-27149 – Local Privilege Escalation and Distant Code Execution the use of nervous LD_PRELOAD
10. CVE-2024-27150 – Local Privilege Escalation and Distant Code Execution the use of nervous LD_LIBRARY_PATH
11. CVE-2024-27151 – Local Privilege Escalation and Distant Code Execution the use of nervous permissions for 106 applications
    11.1. 3 inclined applications now not running as root
    11.2. 103 inclined applications running as root
12. CVE-2024-27152 – Local Privilege Escalation and Distant Code Execution the use of nervous permissions for libraries
    12.1. Example with /home/SYSROM_SRC/bin/syscallerr
13. CVE-2024-27153 – Local Privilege Escalation and Distant Code Execution the use of CISSM
14. CVE-2024-27154 and CVE-2024-27155 – Passwords kept in sure-textual exclaim material logs and nervous logs
    14.1. Certain-textual exclaim material password written in logs when an user logs into the printer
    14.2. Certain-textual exclaim material password written in logs when a password is modified
15. CVE-2024-27156 – Leak of authentication sessions in nervous logs in /ramdisk/work/log itemizing
16. CVE-2024-27157 – Leak of authentication sessions in nervous logs in /ramdisk/al/network/log itemizing
17. CVE-2024-27158 – Hardcoded root password
18. CVE-2024-27159 – Hardcoded password used to encrypt logs
19. CVE-2024-27160 – Hardcoded password used to encrypt logs and use of a venerable digest cipher
20. CVE-2024-27161 – Hardcoded password used to encrypt files
21. CVE-2024-27162 – DOM-primarily based mostly XSS fresh within the /js/TopAccessUtil.js file
22. CVE-2024-27163 – Leak of admin password and passwords
23. CVE-2024-27164 – Hardcoded credentials in telnetd
24. CVE-2024-27165 – Local Privilege Escalation the use of PROCSUID
25. CVE-2024-27166 – Tremulous permissions for core files
26. CVE-2024-27167 – Tremulous permissions used for Sendmail – Local Privilege Escalation
27. CVE-2024-27168 – Hardcoded keys found in Python applications used to generate authentication cookies
28. CVE-2024-27169 – Lack of authentication in WebPanel – Local Privilege Escalation
29. CVE-2024-27170 – Hardcoded credentials for WebDAV win admission to
30. CVE-2024-27171 – Tremulous permissions
31. CVE-2024-27172 – Distant Code Execution – snarl injection as root
32. CVE-2024-27173 – Distant Code Execution – nervous add
33. CVE-2024-27174 – Distant Code Execution – nervous add
34. CVE-2024-27175 – Local File Inclusion
35. CVE-2024-27176 – Distant Code Execution – nervous add
36. CVE-2024-27177 – Distant Code Execution – nervous add
37. CVE-2024-27178 – Distant Code Execution – nervous reproduction
38. CVE-2024-27179 – Session disclosure within the log files within the set up of applications
39. CVE-2024-27180 – TOCTOU vulnerability within the set up of applications, allowing to set up rogue applications and win RCE

Users of these Toshiba merchandise are suggested to upgrade to basically the most traditional version as per Toshiba’s security advisory to stop these vulnerabilities from getting exploited by threat actors.