CVE-2024-3498

HIGH

Printer <version> - Privilege Escalation

Title source: llm

Description

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference URL.

References (3)

[Various Sources] https://www.toshibatec.com/information/20240531_01.html

[Various Sources] https://www.toshibatec.com/information/pdf/information20240531_01.pdf

[Third Party Advisory] https://jvn.jp/en/vu/JVNVU97136265/index.html

Scores

CVSS v3 7.8

EPSS 0.0010

EPSS Percentile 28.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-250

Status published

Products (1)

Toshiba Tec Corporation/Toshiba Tec e-Studio multi-function peripheral (MFP) see the reference URL

Published Jun 14, 2024

Tracked Since Feb 18, 2026