{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55749?format=json","vulnerability_id":"VCID-uzfb-etxr-afce","summary":"All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and  difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the \"Base Score\" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point.\n https://www.toshibatec.com/contacts/products/ \nAs for the affected products/models/versions, see the reference URL.","aliases":[{"alias":"CVE-2024-27160"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27160","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22187","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21998","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27160"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Jul/1","reference_id":"1","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T16:47:29Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Jul/1"},{"reference_url":"https://www.toshibatec.com/information/20240531_01.html","reference_id":"20240531_01.html","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T16:47:29Z/"}],"url":"https://www.toshibatec.com/information/20240531_01.html"},{"reference_url":"https://jvn.jp/en/vu/JVNVU97136265/index.html","reference_id":"index.html","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T16:47:29Z/"}],"url":"https://jvn.jp/en/vu/JVNVU97136265/index.html"},{"reference_url":"https://www.toshibatec.com/information/pdf/information20240531_01.pdf","reference_id":"information20240531_01.pdf","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T16:47:29Z/"}],"url":"https://www.toshibatec.com/information/pdf/information20240531_01.pdf"}],"weaknesses":[{"cwe_id":798,"name":"Use of Hard-coded Credentials","description":"The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data."}],"exploits":[],"severity_range_score":"6.2 - 6.2","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uzfb-etxr-afce"}