CVE-2024-3496 HIGH

CVE-2024-3496: Authentication Bypass Vulnerability

Vendor Toshiba Tec Corporation
Product Toshiba Tec e-Studio multi-function peripheral (MFP)
Weakness CWE-288
Published June 14, 2024
Last update August 19, 2024

CVSS base score

8.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference URL.

Key dates

02Disclosure timeline

June 14, 2024 CVE published
August 19, 2024 Record updated