CRITICAL🇵🇱 Wersja polska

CVE-2024-27143

CVSS 9.8v3.1pub. 2024-06-14upd. 2026-04-15

Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.

🤖 AI Analysis
How it works

An attacker exploits the SNMP protocol configured in Toshiba printers, gaining access using the private community name. Through specially crafted SNMP requests, it is possible to remotely execute arbitrary system commands with root privileges on the device. The vulnerability works in combination with other flaws, meaning that its independent exploitation is more difficult and results in lower actual risk than indicated by the base CVSS score.

Impact

An attacker gains full root access to a remote Toshiba printer, enabling device takeover, theft of configuration data, and potential lateral movement within the internal network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Additionally, it is recommended to restrict SNMP protocol access at the firewall level, change default SNMP community names, and isolate printing devices in a separate network segment.

Who is affected

Toshiba printers — specific models and versions indicated in the manufacturer's references (https://www.toshibatec.com/information/20240531_01.html)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References