Details of VAR-201204-0222

ID

VAR-201204-0222

CVE

CVE-2012-1239

TITLE

TOSHIBA TEC e-Studio series vulnerable to authentication bypass

Trust: 0.8

sources: JVNDB: JVNDB-2012-000028

DESCRIPTION

The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors. Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability. e-Studio is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass.An attacker that can access the product may log in with administrative privileges. As a result, settings may be changed and credential information may be viewed. Multiple Toshiba e-Studio devices are prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and gain access in the context of the device. A remote attacker can exploit this vulnerability to bypass authentication with an unknown vector and obtain administrator-level privileges

Trust: 1.98

sources: NVD: CVE-2012-1239 // JVNDB: JVNDB-2012-000028 // BID: 50168 // VULHUB: VHN-54520

AFFECTED PRODUCTS

vendor:	toshibatec	model:	e-studio-755	scope:	eq	version:	t100sy0j302	Trust: 1.6
vendor:	toshibatec	model:	e-studio-182 with network printer kit	scope:	eq	version:	t282cn0j421	Trust: 1.6
vendor:	toshibatec	model:	e-studio-850	scope:	eq	version:	t390sy0j354	Trust: 1.6
vendor:	toshibatec	model:	e-studio-181 with network printer kit	scope:	eq	version:	t282cn0j421	Trust: 1.6
vendor:	toshibatec	model:	e-studio-tf-182 with network printer kit	scope:	eq	version:	t282cn0j421	Trust: 1.6
vendor:	toshibatec	model:	e-studio-167 with network printer kit	scope:	eq	version:	t282cn0j421	Trust: 1.6
vendor:	toshibatec	model:	e-studio-720	scope:	eq	version:	t390sy0j354	Trust: 1.6
vendor:	toshibatec	model:	e-studio-207 with network printer kit	scope:	eq	version:	t282cn0j421	Trust: 1.6
vendor:	toshibatec	model:	e-studio-855	scope:	eq	version:	t100sy0j302	Trust: 1.6
vendor:	toshibatec	model:	e-studio-655	scope:	eq	version:	t100sy0j302	Trust: 1.6
vendor:	toshibatec	model:	e-studio-3520c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-6530c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-281c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-3500c	scope:	eq	version:	t380sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-455	scope:	eq	version:	t470sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-2330c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-2830c	scope:	eq	version:	t450sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-352	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-232	scope:	eq	version:	t377sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-tf-182 with network printer kit	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-855	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-452	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-4520c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-2830c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-850	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-3510c	scope:	eq	version:	t380sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-352	scope:	eq	version:	t364sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-282	scope:	eq	version:	t377sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-351c	scope:	eq	version:	t410sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-182 with network printer kit	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-255	scope:	eq	version:	t470sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-5520c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-6520c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-355	scope:	eq	version:	t470sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-232	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-655	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-2500c	scope:	eq	version:	t380sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-451c	scope:	eq	version:	t410sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-2500c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-3510c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-281c	scope:	eq	version:	t410sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-255p	scope:	eq	version:	t470sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-355	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-2330c	scope:	eq	version:	t450sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-6520c	scope:	eq	version:	t430sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-3520c	scope:	eq	version:	t450sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-455	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-181 with network printer kit	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-600	scope:	eq	version:	t390sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-351c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-4520c	scope:	eq	version:	t450sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-720	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-207 with network printer kit	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-167 with network printer kit	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-282	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-755	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-451c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-3500c	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-600	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-5520c	scope:	eq	version:	t430sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-6530c	scope:	eq	version:	t430sy0j302	Trust: 1.0
vendor:	toshibatec	model:	e-studio-255	scope:	eq	version:	-	Trust: 1.0
vendor:	toshibatec	model:	e-studio-452	scope:	eq	version:	t364sy0j354	Trust: 1.0
vendor:	toshibatec	model:	e-studio-255p	scope:	eq	version:	-	Trust: 1.0
vendor:	toshiba tec	model:	e-studio 167 with network printer kit	scope:	lte	version:	t282cn0j421	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 181 with network printer kit	scope:	lte	version:	t282cn0j421	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 182 with network printer kit	scope:	lte	version:	t282cn0j421	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 207 with network printer kit	scope:	lte	version:	t282cn0j421	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 232	scope:	lte	version:	t377sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 2330c	scope:	lte	version:	t450sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 2500c	scope:	lte	version:	t380sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 255	scope:	lte	version:	t470sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 255p	scope:	lte	version:	t470sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 281c	scope:	lte	version:	t410sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 282	scope:	lte	version:	t377sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 2830c	scope:	lte	version:	t450sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 3500c	scope:	lte	version:	t380sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 3510c	scope:	lte	version:	t380sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 351c	scope:	lte	version:	t410sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 352	scope:	lte	version:	t364sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 3520c	scope:	lte	version:	t450sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 355	scope:	lte	version:	t470sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 451c	scope:	lte	version:	t410sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 452	scope:	lte	version:	t364sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 4520c	scope:	lte	version:	t450sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 455	scope:	lte	version:	t470sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 5520c	scope:	lte	version:	t430sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 600	scope:	lte	version:	t390sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 6520c	scope:	lte	version:	t430sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 6530c	scope:	lte	version:	t430sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 655	scope:	lte	version:	t100sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 720	scope:	lte	version:	t390sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 755	scope:	lte	version:	t100sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 850	scope:	lte	version:	t390sy0j354	Trust: 0.8
vendor:	toshiba tec	model:	e-studio 855	scope:	lte	version:	t100sy0j302	Trust: 0.8
vendor:	toshiba tec	model:	tf-182 with network printer kit	scope:	lte	version:	t282cn0j421	Trust: 0.8
vendor:	toshiba	model:	e-studio855	scope:	eq	version:	0	Trust: 0.3
vendor:	toshiba	model:	e-studio755	scope:	eq	version:	0	Trust: 0.3
vendor:	toshiba	model:	e-studio655	scope:	eq	version:	0	Trust: 0.3
vendor:	toshiba	model:	e-studio555	scope:	eq	version:	0	Trust: 0.3
vendor:	toshiba	model:	e-studio455	scope:	eq	version:	0	Trust: 0.3
vendor:	toshiba	model:	e-studio355	scope:	eq	version:	0	Trust: 0.3
vendor:	toshiba	model:	e-studio305	scope:	eq	version:	0	Trust: 0.3
vendor:	toshiba	model:	e-studio255	scope:	eq	version:	0	Trust: 0.3
vendor:	toshiba	model:	e-studio182	scope:	eq	version:	0	Trust: 0.3

sources: BID: 50168 // JVNDB: JVNDB-2012-000028 // CNNVD: CNNVD-201204-087 // NVD: CVE-2012-1239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1239
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2012-000028
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201204-087
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-54520
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-1239
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2012-000028
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-54520
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-54520 // JVNDB: JVNDB-2012-000028 // CNNVD: CNNVD-201204-087 // NVD: CVE-2012-1239

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.1
problemtype:	CWE-287	Trust: 0.8

sources: VULHUB: VHN-54520 // JVNDB: JVNDB-2012-000028 // NVD: CVE-2012-1239

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201110-392 // CNNVD: CNNVD-201204-087

TYPE

permissions and access control

Trust: 1.2

sources: CNNVD: CNNVD-201110-392 // CNNVD: CNNVD-201204-087

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-000028

PATCH

title:

About a vulnerability in TOSHIBA TEC digital MFP web-based management utility

url:

http://www.toshibatec.co.jp/information/2012/20120405/

Trust: 0.8

sources: JVNDB: JVNDB-2012-000028

EXTERNAL IDS

db:	JVNDB	id:	JVNDB-2012-000028	Trust: 2.8
db:	JVN	id:	JVN92830293	Trust: 2.8
db:	NVD	id:	CVE-2012-1239	Trust: 2.8
db:	BID	id:	50168	Trust: 1.0
db:	CNNVD	id:	CNNVD-201204-087	Trust: 0.7
db:	CNNVD	id:	CNNVD-201110-392	Trust: 0.6
db:	JVN	id:	JVN#92830293	Trust: 0.6
db:	EXPLOIT-DB	id:	36238	Trust: 0.1
db:	VULHUB	id:	VHN-54520	Trust: 0.1

sources: VULHUB: VHN-54520 // BID: 50168 // JVNDB: JVNDB-2012-000028 // CNNVD: CNNVD-201110-392 // CNNVD: CNNVD-201204-087 // NVD: CVE-2012-1239

REFERENCES

url:	http://jvn.jp/en/jp/jvn92830293/index.html	Trust: 2.8
url:	http://www.toshibatec.co.jp/information/2012/20120405/	Trust: 1.7
url:	http://jvndb.jvn.jp/jvndb/jvndb-2012-000028	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1239	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1239	Trust: 0.8
url:	http://www.securityfocus.com/bid/50168	Trust: 0.6
url:	http://www.eid.toshiba.com.au/n_mono_search.asp	Trust: 0.3
url:	http://jvndb.jvn.jp/en/contents/2012/jvndb-2012-000028.html	Trust: 0.3

sources: VULHUB: VHN-54520 // BID: 50168 // JVNDB: JVNDB-2012-000028 // CNNVD: CNNVD-201110-392 // CNNVD: CNNVD-201204-087 // NVD: CVE-2012-1239

CREDITS

Deral Heiland PercX

Trust: 0.9

sources: BID: 50168 // CNNVD: CNNVD-201110-392

SOURCES

db:	VULHUB	id:	VHN-54520
db:	BID	id:	50168
db:	JVNDB	id:	JVNDB-2012-000028
db:	CNNVD	id:	CNNVD-201110-392
db:	CNNVD	id:	CNNVD-201204-087
db:	NVD	id:	CVE-2012-1239

LAST UPDATE DATE

2024-08-14T15:30:27.242000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-54520	date:	2012-04-09T00:00:00
db:	BID	id:	50168	date:	2012-04-05T20:30:00
db:	JVNDB	id:	JVNDB-2012-000028	date:	2012-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201110-392	date:	2011-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201204-087	date:	2012-04-10T00:00:00
db:	NVD	id:	CVE-2012-1239	date:	2012-04-09T04:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-54520	date:	2012-04-06T00:00:00
db:	BID	id:	50168	date:	2011-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2012-000028	date:	2012-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201110-392	date:	1900-01-01T00:00:00
db:	CNNVD	id:	CNNVD-201204-087	date:	2012-04-10T00:00:00
db:	NVD	id:	CVE-2012-1239	date:	2012-04-06T19:55:01.480