[Japanese]

JVNDB-2024-003539

Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs

Overview

MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.

  • Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776) - CVE-2024-27141, CVE-2024-27142

  • Execution with Unnecessary Privileges (CWE-250) - CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498

  • Incorrect Default Permissions (CWE-276) - CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171

  • Path Traversal (CWE-22) - CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178

  • Insertion of Sensitive Information into Log File (CWE-532) - CVE-2024-27154, CVE-2024-27156, CVE-2024-27157

  • Plaintext Storage of a Password (CWE-256) - CVE-2024-27166

  • Debug Messages Revealing Unnecessary Information (CWE-1295) - CVE-2024-27179

  • Use of Default Credentials (CWE-1392) - CVE-2024-27158

  • Use of Hard-coded Credentials (CWE-798) - CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170

  • Use of Hard-coded Password (CWE-259) - CVE-2024-27164

  • Cross-site Scripting (CWE-79) - CVE-2024-27162

  • Cleartext Transmission of Sensitive Information (CWE-319) - CVE-2024-27163

  • Least Privilege Violation (CWE-272) - CVE-2024-27165

  • Missing Authentication for Critical Function (CWE-306) - CVE-2024-27169

  • OS Command Injection (CWE-78) - CVE-2024-27172

  • External Control of File Name or Path (CWE-73) - CVE-2024-27175

  • Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) - CVE-2024-27180

  • Authentication Bypass Using an Alternate Path or Channel (CWE-288) - CVE-2024-3496

  • Relative Path Traversal (CWE-23) - CVE-2024-3497



Toshiba Tec Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

Affected Products

As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed below.

Oki Electric Industry Co., Ltd.
  • (Multiple Products)
TOSHIBA TEC
  • (Multiple Products)

Impact


  • An attacker who can access the affected products may cause a denial-of-service (DoS) condition - CVE-2024-27141, CVE-2024-27142

  • An attacker who can access the affected products may execute arbitrary code - CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171, CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178, CVE-2024-27165, CVE-2024-27172, CVE-2024-3497, CVE-2024-3498

  • An attacker who can access the affected products may obtain the information - CVE-2024-27154, CVE-2024-27156, CVE-2024-27157, CVE-2024-27166, CVE-2024-27179, CVE-2024-27158, CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170,  CVE-2024-27164, CVE-2024-27162, CVE-2024-27163, CVE-2024-27175, CVE-2024-3496

  • An attacker who can access the affected products may access the administrative interface - CVE-2024-27169

  • An attacker who can access the affected products may alter the information - CVE-2024-27180


For more information, refer to the information provided by the respective vendors.
Solution

[Update the firmware]
Apply the appropriate firmware update according to the information provided by the respective vendors.

[Apply workaround]
Applying the following workarounds may mitigate the impacts of these vulnerabilities.

  • Use MFPs only in the protected network with firewall, etc.

  • Use IP Address Filter function and block access from untrusted hosts

  • Restrict physical access to the network which is connected to MFPs



For the details of the updates and workarounds, refer to the information provided by the respective vendors from [Vendor Status] section.
Vendor Information

Oki Electric Industry Co., Ltd. TOSHIBA TEC
CWE (What is CWE?)

  1. Debug Messages Revealing Unnecessary Information(CWE-1295) [Other]
  2. Use of Default Credentials(CWE-1392) [Other]
  3. Path Traversal(CWE-22) [Other]
  4. Relative Path Traversal(CWE-23) [Other]
  5. Execution with Unnecessary Privileges(CWE-250) [Other]
  6. Unprotected Storage of Credentials(CWE-256) [Other]
  7. Use of Hard-coded Password(CWE-259) [Other]
  8. Least Privilege Violation(CWE-272) [Other]
  9. Incorrect Default Permissions(CWE-276) [Other]
  10. Authentication Bypass Using an Alternate Path or Channel(CWE-288) [Other]
  11. Missing Authentication for Critical Function(CWE-306) [Other]
  12. Cleartext Transmission of Sensitive Information(CWE-319) [Other]
  13. Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367) [Other]
  14. Information Exposure Through Log Files(CWE-532) [Other]
  15. External Control of File Name or Path(CWE-73) [Other]
  16. Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')(CWE-776) [Other]
  17. OS Command Injection(CWE-78) [Other]
  18. Cross-site Scripting(CWE-79) [Other]
  19. Use of Hard-coded Credentials(CWE-798) [Other]
CVE (What is CVE?)

  1. CVE-2024-27141
  2. CVE-2024-27142
  3. CVE-2024-27143
  4. CVE-2024-27146
  5. CVE-2024-27147
  6. CVE-2024-3498
  7. CVE-2024-27148
  8. CVE-2024-27149
  9. CVE-2024-27150
  10. CVE-2024-27151
  11. CVE-2024-27152
  12. CVE-2024-27153
  13. CVE-2024-27155
  14. CVE-2024-27167
  15. CVE-2024-27171
  16. CVE-2024-27144
  17. CVE-2024-27145
  18. CVE-2024-27173
  19. CVE-2024-27174
  20. CVE-2024-27176
  21. CVE-2024-27177
  22. CVE-2024-27178
  23. CVE-2024-27154
  24. CVE-2024-27156
  25. CVE-2024-27157
  26. CVE-2024-27166
  27. CVE-2024-27179
  28. CVE-2024-27158
  29. CVE-2024-27159
  30. CVE-2024-27160
  31. CVE-2024-27161
  32. CVE-2024-27168
  33. CVE-2024-27170
  34. CVE-2024-27164
  35. CVE-2024-27162
  36. CVE-2024-27163
  37. CVE-2024-27165
  38. CVE-2024-27169
  39. CVE-2024-27172
  40. CVE-2024-27175
  41. CVE-2024-27180
  42. CVE-2024-3496
  43. CVE-2024-3497
References

  1. JVN : JVNVU#97136265
Revision History

  • [2024/06/17]
      Web page was published

Date Public2024/06/14
Date First Published2024/06/17
Date Last Updated2024/06/17