JVN#92830293
TOSHIBA TEC e-Studio series vulnerable to authentication bypass
Overview
Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability.
Products Affected
A wide range of products are affected. For more information, refer to the developer's website.
Description
e-Studio is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in the web-based management utility, which may result in an authentication bypass.
Impact
An attacker that can access the product may log in with administrative privileges. As a result, settings may be changed and credential information may be viewed.
Solution
Update the software
Apply the latest update for each product according to the information provided by the developer.
Vendor Status
Vendor | Link |
---|---|
TOSHIBA TEC CORPORATION | About a vulnerability in TOSHIBA TEC digital MFP web-based management utility (Japanese only) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2012.04.05
Measures | Conditions | Severity |
---|---|---|
Access Required | can be attacked over the Internet using packets | |
Authentication | anonymous or no authentication (IP addresses do not count) | |
User Interaction Required | the vulnerability can be exploited without an honest user taking any action | |
Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) | |
Credit
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2012-1239 |
JVN iPedia | JVNDB-2012-000028 |