CVE-2024-27155 HIGH

CVE-2024-27155: Local Privilege Escalation and Remote Code Execution using insecure permissions

Vendor Toshiba Tec Corporation
Product Toshiba Tec e-Studio multi-function peripheral (MFP)
Weakness CWE-276
Published June 14, 2024
Last update February 13, 2025

CVSS base score

7.7/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL.

Key dates

02Disclosure timeline

June 14, 2024 CVE published
February 13, 2025 Record updated