10.0
CRITICAL
CVE-2012-1239
"TOSHIBA TEC e-Studio TopAccess Authentication Bypass Vulnerability"
Description

The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors.

INFO

Published Date: April 6, 2012, 7:55 p.m.
Last Modified: April 9, 2012, 4 a.m.
Remotely Exploitable: Yes
Impact Score: 10.0
Exploitability Score: 10.0

Affected Products

The following products are affected by CVE-2012-1239. Even if cvefeed.io is aware of the exact product versions that are affected, that information is not shown in the table below.

ID Vendor Product
1 Toshibatec e-studio-232
2 Toshibatec e-studio-282
3 Toshibatec e-studio-167_with_network_printer_kit_firmware
4 Toshibatec e-studio-181_with_network_printer_kit_firmware
5 Toshibatec e-studio-182_with_network_printer_kit_firmware
6 Toshibatec e-studio-207_with_network_printer_kit_firmware
7 Toshibatec e-studio-232_firmware
8 Toshibatec e-studio-2330c_firmware
9 Toshibatec e-studio-2500c_firmware
10 Toshibatec e-studio-255_firmware
11 Toshibatec e-studio-255p_firmware
12 Toshibatec e-studio-281c_firmware
13 Toshibatec e-studio-282_firmware
14 Toshibatec e-studio-2830c_firmware
15 Toshibatec e-studio-3500c_firmware
16 Toshibatec e-studio-3510c_firmware
17 Toshibatec e-studio-351c_firmware
18 Toshibatec e-studio-352_firmware
19 Toshibatec e-studio-3520c_firmware
20 Toshibatec e-studio-355_firmware
21 Toshibatec e-studio-451c_firmware
22 Toshibatec e-studio-452_firmware
23 Toshibatec e-studio-4520c_firmware
24 Toshibatec e-studio-455_firmware
25 Toshibatec e-studio-5520c_firmware
26 Toshibatec e-studio-600_firmware
27 Toshibatec e-studio-6520c_firmware
28 Toshibatec e-studio-6530c_firmware
29 Toshibatec e-studio-655_firmware
30 Toshibatec e-studio-720_firmware
31 Toshibatec e-studio-755_firmware
32 Toshibatec e-studio-850_firmware
33 Toshibatec e-studio-855_firmware
34 Toshibatec e-studio-tf-182_with_network_printer_kit_firmware
35 Toshibatec e-studio-167_with_network_printer_kit
36 Toshibatec e-studio-181_with_network_printer_kit
37 Toshibatec e-studio-182_with_network_printer_kit
38 Toshibatec e-studio-207_with_network_printer_kit
39 Toshibatec e-studio-2330c
40 Toshibatec e-studio-2500c
41 Toshibatec e-studio-255
42 Toshibatec e-studio-255p
43 Toshibatec e-studio-281c
44 Toshibatec e-studio-2830c
45 Toshibatec e-studio-3500c
46 Toshibatec e-studio-3510c
47 Toshibatec e-studio-351c
48 Toshibatec e-studio-352
49 Toshibatec e-studio-3520c
50 Toshibatec e-studio-355
51 Toshibatec e-studio-451c
52 Toshibatec e-studio-452
53 Toshibatec e-studio-4520c
54 Toshibatec e-studio-455
55 Toshibatec e-studio-5520c
56 Toshibatec e-studio-600
57 Toshibatec e-studio-6520c
58 Toshibatec e-studio-6530c
59 Toshibatec e-studio-655
60 Toshibatec e-studio-720
61 Toshibatec e-studio-755
62 Toshibatec e-studio-850
63 Toshibatec e-studio-855
64 Toshibatec e-studio-tf-182_with_network_printer_kit
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2012-1239.

URL Resource
http://jvn.jp/en/jp/JVN92830293/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000028
http://www.toshibatec.co.jp/information/2012/20120405/

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2012-1239 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2012-1239 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 1.16 (-0.22%)
Percentile: 0.85197
CVSS2 - Vulnerability Scoring System
Access Vector
Access Complexity
Authentication
Confidentiality
Integrity
Availability