CVE-2024-27172
Published 2024-06-14
CVE-2024-27172: Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL.
Priority: P272 · critical · 9.8 · CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
EPSS: 26.81% (97.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| toshiba_tec_corporation | toshiba_tec_e-studio_multi-function_peripheral | — | — |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa · 7.8 · HIGH
GHSA
Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data
ghsa·2026-04-27·CVSS 7.8
CVE-2026-27172 [HIGH] CWE-502 Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data
The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject() without configuring an ObjectInputFilter. An attacker who can write to the Consul KV store backing a Camel ConsulRegistry instance could inject a malicious serialized Java object that is deserialized the next time Camel performs a lookup against that registry, leading to arbitrary code execution in the Camel process. The issue mirrors the class of vulnerability already addressed for other Camel components in CVE-2024-22369, CVE-2024-23114 and CVE-2026-257
GHSA
GHSA-62h4-7wfv-fw7q: Remote Command program allows an attacker to get Remote Code Execution
ghsa_unreviewed·2024-06-14
CVE-2024-27172 [CRITICAL] CWE-78 GHSA-62h4-7wfv-fw7q: Remote Command program allows an attacker to get Remote Code Execution
Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2024/Jul/1
https://jvn.jp/en/vu/JVNVU97136265/index.html
https://www.toshibatec.com/information/20240531_01.html
https://www.toshibatec.com/information/pdf/information20240531_01.pdf
Published: 2024-06-14