CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
29.6%
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead to local privilege escalation.
Note:
This CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it’s been rescored with a “Privileges Required (PR)” rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server.
[
{
"defaultStatus": "unaffected",
"modules": [
"Web Print"
],
"platforms": [
"Windows"
],
"product": "PaperCut NG, PaperCut MF",
"vendor": "PaperCut",
"versions": [
{
"changes": [
{
"at": "23.0.9",
"status": "unaffected"
}
],
"lessThan": "23.0.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]