{
    "dataType": "CVE_RECORD",
    "cveMetadata": {
        "cveId": "CVE-2024-27168",
        "assignerOrgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
        "state": "PUBLISHED",
        "assignerShortName": "Toshiba",
        "dateReserved": "2024-02-21T02:11:59.653Z",
        "datePublished": "2024-06-14T03:53:58.804Z",
        "dateUpdated": "2024-08-02T00:27:59.645Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "platforms": [
                        "Linux"
                    ],
                    "product": "Toshiba Tec e-Studio multi-function peripheral (MFP)",
                    "vendor": "Toshiba Tec Corporation",
                    "versions": [
                        {
                            "status": "affected",
                            "version": "see the reference URL"
                        }
                    ]
                }
            ],
            "credits": [
                {
                    "lang": "en",
                    "type": "finder",
                    "value": "We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products."
                }
            ],
            "datePublic": "2024-06-14T02:00:00.000Z",
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL."
                        }
                    ],
                    "value": "It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL."
                }
            ],
            "exploits": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "We are not aware of any malicious exploitation by these vulnerabilities.<br>"
                        }
                    ],
                    "value": "We are not aware of any malicious exploitation by these vulnerabilities."
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-37",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "LOCAL",
                        "availabilityImpact": "NONE",
                        "baseScore": 7.1,
                        "baseSeverity": "HIGH",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "NONE",
                        "privilegesRequired": "NONE",
                        "scope": "CHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-798",
                            "description": "CWE-798 Use of Hard-coded Credentials",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "ecc0f906-8666-484c-bcf8-c3b7520a72f0",
                "shortName": "Toshiba",
                "dateUpdated": "2024-06-14T03:53:58.804Z"
            },
            "references": [
                {
                    "url": "https://www.toshibatec.com/information/20240531_01.html"
                },
                {
                    "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
                },
                {
                    "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
                },
                {
                    "url": "http://seclists.org/fulldisclosure/2024/Jul/1"
                }
            ],
            "solutions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "This issue is fixed in the version released on June 14, 2024 and all later versions.<br>"
                        }
                    ],
                    "value": "This issue is fixed in the version released on June 14, 2024 and all later versions."
                }
            ],
            "source": {
                "discovery": "UNKNOWN"
            },
            "timeline": [
                {
                    "lang": "en",
                    "time": "2024-06-14T02:00:00.000Z",
                    "value": "Fixes will be released"
                }
            ],
            "title": "Hardcoded keys used to generate authentication cookies",
            "x_generator": {
                "engine": "Vulnogram 0.2.0"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-06-14T18:49:02.609253Z",
                                "id": "CVE-2024-27168",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-14T18:49:09.738Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-02T00:27:59.645Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://www.toshibatec.com/information/20240531_01.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://jvn.jp/en/vu/JVNVU97136265/index.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "http://seclists.org/fulldisclosure/2024/Jul/1",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    },
    "dataVersion": "5.1"
}