CVE-2024-27142 Information

Description

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions see the reference URL.

Reference

https://www.toshibatec.com/information/20240531_01.html https://www.toshibatec.com/information/pdf/information20240531_01.pdf https://jvn.jp/en/vu/JVNVU97136265/index.html