A recent security assessment has revealed that 103 different models of Toshiba Multi-Function Printers (MFPs) have been found to have 40 severe vulnerabilities.
Attackers can exploit these vulnerabilities to gain unauthorized access and control over the affected devices. The vulnerabilities consist of multiple remote code execution and local privilege escalation flaws.
A multifunction printer (MFP) is a device that combines the features of a printer, copier, scanner, and/or fax into a single machine. Many businesses opt for multifunction printers as they offer an affordable way to streamline operations and enhance productivity.
The vulnerabilities have been assigned specific Common Vulnerabilities and Exposures (CVE) identifiers, highlighting their severity.
Some of the major vulnerabilities found
The security issues found in Toshiba MFPs cover a broad range of vulnerabilities, each presenting significant risks to users. There are two vulnerabilities, known as CVE-2024-27141 and CVE-2024-27142, that deal with pre-authenticated Blind XML External Entity (XXE) injection.
These vulnerabilities can result in Denial of Service (DoS) and unauthorized XXE injection, enabling attackers to exploit the printers without requiring prior authentication.
Adding to the complexity, there are pre-authenticated remote code execution vulnerabilities documented as CVE-2024-27143 to CVE-2024-27145.
This enable attackers to run code with root or Apache user privileges, along with various techniques for local privilege escalation. It is possible for malicious actors to gain complete control over affected devices, even without initial access.
There are some crucial vulnerabilities, specifically CVE-2024-27146 to CVE-2024-27152, that bring attention to a lack of privilege separation.
It allow for different ways of executing code remotely due to insecure configurations and permissions. These vulnerabilities can be exploited by attackers to gain unauthorized access and manipulate printer settings or execute malicious code remotely.
The range of CVE-2024-27153 to CVE-2024-27165 highlights significant concerns regarding the storage of passwords in plain text, the use of hardcoded passwords, and insecure logging practices.
These vulnerabilities make it simple for attackers to access and exploit sensitive information, such as passwords, which puts the security of the entire network at risk.
Subscribe to our newsletter
Lastly, CVE-2024-27166 to CVE-2024-27180 address vulnerabilities found in the implementation of third-party applications. Some of the vulnerabilities that can be found are remote code execution, local file inclusion, and session disclosure in logs.
Attackers can take advantage of these vulnerabilities to gain control over third-party applications running on the printers, which increases the potential for further attacks.
Affected printer models
The list of affected Toshiba MFP models is extensive and includes popular series such as:
- e-STUDIO2010AC, e-STUDIO2520AC, e-STUDIO3508A, e-STUDIO5018A
- Numerous other models ranging from the 2021AC to the 8528A series
The vulnerabilities were found during a thorough remote security assessment. The testers had limited information, only the IP addresses of the printers, and no physical access or credentials.
This could allow an attacker to carry out malicious activities such as executing harmful code, gaining higher privileges, and potentially spreading across the network infrastructure.