Vulnerability Note VU#924506
Toshiba 4690 OS contains an information disclosure vulnerability
The Toshiba 4690 operating system, version 6 (Release 3) and possibly earlier versions, contains an information disclosure vulnerability.
CWE-200: Information Exposure - CVE-2014-4876
The Toshiba 4690 operating system, version 6 (Release 3) and possibly earlier versions, contains an information disclosure vulnerability. Sending a special string to TCP port 54138 causes system environment variables and other information to be returned to an unauthenticated client. The vendor has stated that this disclosure occurs by design as part of the support capabilities of 4690 and that:
A remote, unauthenticated attacker is able to view potentially sensitive system information.
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Toshiba Commerce Solutions||Affected||06 Aug 2014||02 Jun 2015|
CVSS Metrics (Learn More)
Thanks to David Odell for reporting this vulnerability.
This document was written by Todd Lewellen and Joel Land.
- CVE IDs: CVE-2014-4876
- Date Public: 08 Jun 2015
- Date First Published: 08 Jun 2015
- Date Last Updated: 08 Jun 2015
- Document Revision: 18