PT-2023-13008 · Toshiba · Toshiba Storage Security

Donghyun Kim

Published

2023-01-31

Updated

2025-03-27

CVE-2022-30421

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Toshiba Storage Security Software version 1.2.0.7413

Description The issue is related to an Improper Authentication vulnerability that allows sensitive information to be obtained via the local password authentication module.

Recommendations For Toshiba Storage Security Software version 1.2.0.7413, consider disabling the local password authentication module until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2022-30421

GHSA-PX7R-44VJ-8H7M

Affected Products

Toshiba Storage Security

PT-2023-13008 · Toshiba · Toshiba Storage Security

CVE-2022-30421

Weakness Enumeration

Related Identifiers

Affected Products

References · 8