CVE-2024-3498 HIGH

CVE-2024-3498: Incorrect Permission Assignment Privilege Escalation Vulnerability

Vendor Toshiba Tec Corporation
Product Toshiba Tec e-Studio multi-function peripheral (MFP)
Weakness CWE-250
Published June 14, 2024
Last update August 1, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL.

Key dates

02Disclosure timeline

June 14, 2024 CVE published
August 1, 2024 Record updated