ID

VAR-201204-0222


CVE

CVE-2012-1239


TITLE

TOSHIBA TEC e-Studio series vulnerable to authentication bypass

Trust: 0.8

sources: JVNDB: JVNDB-2012-000028

DESCRIPTION

The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors. Multiple e-Studio series products provided by TOSHIBA TEC CORPORATION contain an authentication bypass vulnerability. e-Studio is a multi-function peripheral (MFP). Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass.An attacker that can access the product may log in with administrative privileges. As a result, settings may be changed and credential information may be viewed. Multiple Toshiba e-Studio devices are prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and gain access in the context of the device. A remote attacker can exploit this vulnerability to bypass authentication with an unknown vector and obtain administrator-level privileges

Trust: 1.98

sources: NVD: CVE-2012-1239 // JVNDB: JVNDB-2012-000028 // BID: 50168 // VULHUB: VHN-54520

AFFECTED PRODUCTS

vendor:toshibatecmodel:e-studio-755scope:eqversion:t100sy0j302

Trust: 1.6

vendor:toshibatecmodel:e-studio-182 with network printer kitscope:eqversion:t282cn0j421

Trust: 1.6

vendor:toshibatecmodel:e-studio-850scope:eqversion:t390sy0j354

Trust: 1.6

vendor:toshibatecmodel:e-studio-181 with network printer kitscope:eqversion:t282cn0j421

Trust: 1.6

vendor:toshibatecmodel:e-studio-tf-182 with network printer kitscope:eqversion:t282cn0j421

Trust: 1.6

vendor:toshibatecmodel:e-studio-167 with network printer kitscope:eqversion:t282cn0j421

Trust: 1.6

vendor:toshibatecmodel:e-studio-720scope:eqversion:t390sy0j354

Trust: 1.6

vendor:toshibatecmodel:e-studio-207 with network printer kitscope:eqversion:t282cn0j421

Trust: 1.6

vendor:toshibatecmodel:e-studio-855scope:eqversion:t100sy0j302

Trust: 1.6

vendor:toshibatecmodel:e-studio-655scope:eqversion:t100sy0j302

Trust: 1.6

vendor:toshibatecmodel:e-studio-3520cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-6530cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-281cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-3500cscope:eqversion:t380sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-455scope:eqversion:t470sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-2330cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-2830cscope:eqversion:t450sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-352scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-232scope:eqversion:t377sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-tf-182 with network printer kitscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-855scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-452scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-4520cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-2830cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-850scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-3510cscope:eqversion:t380sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-352scope:eqversion:t364sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-282scope:eqversion:t377sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-351cscope:eqversion:t410sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-182 with network printer kitscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-255scope:eqversion:t470sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-5520cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-6520cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-355scope:eqversion:t470sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-232scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-655scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-2500cscope:eqversion:t380sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-451cscope:eqversion:t410sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-2500cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-3510cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-281cscope:eqversion:t410sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-255pscope:eqversion:t470sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-355scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-2330cscope:eqversion:t450sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-6520cscope:eqversion:t430sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-3520cscope:eqversion:t450sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-455scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-181 with network printer kitscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-600scope:eqversion:t390sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-351cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-4520cscope:eqversion:t450sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-720scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-207 with network printer kitscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-167 with network printer kitscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-282scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-755scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-451cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-3500cscope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-600scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-5520cscope:eqversion:t430sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-6530cscope:eqversion:t430sy0j302

Trust: 1.0

vendor:toshibatecmodel:e-studio-255scope:eqversion: -

Trust: 1.0

vendor:toshibatecmodel:e-studio-452scope:eqversion:t364sy0j354

Trust: 1.0

vendor:toshibatecmodel:e-studio-255pscope:eqversion: -

Trust: 1.0

vendor:toshiba tecmodel:e-studio 167 with network printer kitscope:lteversion:t282cn0j421

Trust: 0.8

vendor:toshiba tecmodel:e-studio 181 with network printer kitscope:lteversion:t282cn0j421

Trust: 0.8

vendor:toshiba tecmodel:e-studio 182 with network printer kitscope:lteversion:t282cn0j421

Trust: 0.8

vendor:toshiba tecmodel:e-studio 207 with network printer kitscope:lteversion:t282cn0j421

Trust: 0.8

vendor:toshiba tecmodel:e-studio 232scope:lteversion:t377sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 2330cscope:lteversion:t450sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 2500cscope:lteversion:t380sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 255scope:lteversion:t470sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 255pscope:lteversion:t470sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 281cscope:lteversion:t410sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 282scope:lteversion:t377sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 2830cscope:lteversion:t450sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 3500cscope:lteversion:t380sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 3510cscope:lteversion:t380sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 351cscope:lteversion:t410sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 352scope:lteversion:t364sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 3520cscope:lteversion:t450sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 355scope:lteversion:t470sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 451cscope:lteversion:t410sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 452scope:lteversion:t364sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 4520cscope:lteversion:t450sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 455scope:lteversion:t470sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 5520cscope:lteversion:t430sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 600scope:lteversion:t390sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 6520cscope:lteversion:t430sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 6530cscope:lteversion:t430sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 655scope:lteversion:t100sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 720scope:lteversion:t390sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 755scope:lteversion:t100sy0j302

Trust: 0.8

vendor:toshiba tecmodel:e-studio 850scope:lteversion:t390sy0j354

Trust: 0.8

vendor:toshiba tecmodel:e-studio 855scope:lteversion:t100sy0j302

Trust: 0.8

vendor:toshiba tecmodel:tf-182 with network printer kitscope:lteversion:t282cn0j421

Trust: 0.8

vendor:toshibamodel:e-studio855scope:eqversion:0

Trust: 0.3

vendor:toshibamodel:e-studio755scope:eqversion:0

Trust: 0.3

vendor:toshibamodel:e-studio655scope:eqversion:0

Trust: 0.3

vendor:toshibamodel:e-studio555scope:eqversion:0

Trust: 0.3

vendor:toshibamodel:e-studio455scope:eqversion:0

Trust: 0.3

vendor:toshibamodel:e-studio355scope:eqversion:0

Trust: 0.3

vendor:toshibamodel:e-studio305scope:eqversion:0

Trust: 0.3

vendor:toshibamodel:e-studio255scope:eqversion:0

Trust: 0.3

vendor:toshibamodel:e-studio182scope:eqversion:0

Trust: 0.3

sources: BID: 50168 // JVNDB: JVNDB-2012-000028 // CNNVD: CNNVD-201204-087 // NVD: CVE-2012-1239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1239
value: HIGH

Trust: 1.0

IPA: JVNDB-2012-000028
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201204-087
value: CRITICAL

Trust: 0.6

VULHUB: VHN-54520
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-1239
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2012-000028
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-54520
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54520 // JVNDB: JVNDB-2012-000028 // CNNVD: CNNVD-201204-087 // NVD: CVE-2012-1239

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.1

problemtype:CWE-287

Trust: 0.8

sources: VULHUB: VHN-54520 // JVNDB: JVNDB-2012-000028 // NVD: CVE-2012-1239

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201110-392 // CNNVD: CNNVD-201204-087

TYPE

permissions and access control

Trust: 1.2

sources: CNNVD: CNNVD-201110-392 // CNNVD: CNNVD-201204-087

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-000028

PATCH

title:About a vulnerability in TOSHIBA TEC digital MFP web-based management utilityurl:http://www.toshibatec.co.jp/information/2012/20120405/

Trust: 0.8

sources: JVNDB: JVNDB-2012-000028

EXTERNAL IDS

db:JVNDBid:JVNDB-2012-000028

Trust: 2.8

db:JVNid:JVN92830293

Trust: 2.8

db:NVDid:CVE-2012-1239

Trust: 2.8

db:BIDid:50168

Trust: 1.0

db:CNNVDid:CNNVD-201204-087

Trust: 0.7

db:CNNVDid:CNNVD-201110-392

Trust: 0.6

db:JVNid:JVN#92830293

Trust: 0.6

db:EXPLOIT-DBid:36238

Trust: 0.1

db:VULHUBid:VHN-54520

Trust: 0.1

sources: VULHUB: VHN-54520 // BID: 50168 // JVNDB: JVNDB-2012-000028 // CNNVD: CNNVD-201110-392 // CNNVD: CNNVD-201204-087 // NVD: CVE-2012-1239

REFERENCES

url:http://jvn.jp/en/jp/jvn92830293/index.html

Trust: 2.8

url:http://www.toshibatec.co.jp/information/2012/20120405/

Trust: 1.7

url:http://jvndb.jvn.jp/jvndb/jvndb-2012-000028

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1239

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1239

Trust: 0.8

url:http://www.securityfocus.com/bid/50168

Trust: 0.6

url:http://www.eid.toshiba.com.au/n_mono_search.asp

Trust: 0.3

url:http://jvndb.jvn.jp/en/contents/2012/jvndb-2012-000028.html

Trust: 0.3

sources: VULHUB: VHN-54520 // BID: 50168 // JVNDB: JVNDB-2012-000028 // CNNVD: CNNVD-201110-392 // CNNVD: CNNVD-201204-087 // NVD: CVE-2012-1239

CREDITS

Deral Heiland PercX

Trust: 0.9

sources: BID: 50168 // CNNVD: CNNVD-201110-392

SOURCES

db:VULHUBid:VHN-54520
db:BIDid:50168
db:JVNDBid:JVNDB-2012-000028
db:CNNVDid:CNNVD-201110-392
db:CNNVDid:CNNVD-201204-087
db:NVDid:CVE-2012-1239

LAST UPDATE DATE

2024-08-14T15:30:27.242000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-54520date:2012-04-09T00:00:00
db:BIDid:50168date:2012-04-05T20:30:00
db:JVNDBid:JVNDB-2012-000028date:2012-04-05T00:00:00
db:CNNVDid:CNNVD-201110-392date:2011-10-20T00:00:00
db:CNNVDid:CNNVD-201204-087date:2012-04-10T00:00:00
db:NVDid:CVE-2012-1239date:2012-04-09T04:00:00

SOURCES RELEASE DATE

db:VULHUBid:VHN-54520date:2012-04-06T00:00:00
db:BIDid:50168date:2011-10-17T00:00:00
db:JVNDBid:JVNDB-2012-000028date:2012-04-05T00:00:00
db:CNNVDid:CNNVD-201110-392date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201204-087date:2012-04-10T00:00:00
db:NVDid:CVE-2012-1239date:2012-04-06T19:55:01.480