CVE-2024-27168

{"id": "CVE-2024-27168", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ecc0f906-8666-484c-bcf8-c3b7520a72f0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.5}]}, "published": "2024-06-14T04:15:34.900", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Jul/1", "source": "ecc0f906-8666-484c-bcf8-c3b7520a72f0"}, {"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", "source": "ecc0f906-8666-484c-bcf8-c3b7520a72f0"}, {"url": "https://www.toshibatec.com/information/20240531_01.html", "source": "ecc0f906-8666-484c-bcf8-c3b7520a72f0"}, {"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", "source": "ecc0f906-8666-484c-bcf8-c3b7520a72f0"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.toshibatec.com/information/20240531_01.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ecc0f906-8666-484c-bcf8-c3b7520a72f0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL."}, {"lang": "es", "value": "Parece que algunas claves codificadas se utilizan para la autenticaci\u00f3n en la API interna. Conocer estas claves privadas puede permitir a los atacantes eludir la autenticaci\u00f3n y llegar a las interfaces administrativas. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia."}], "lastModified": "2024-11-21T09:04:00.433", "sourceIdentifier": "ecc0f906-8666-484c-bcf8-c3b7520a72f0"}