Lucene search

Eb41dac7-0af8-4f84-9f6d-0272772514f4NVD:CVE-2024-8405

HistorySep 26, 2024 - 2:15 a.m.

CVE-2024-8405

2024-09-2602:15:03

CWE-77

eb41dac7-0af8-4f84-9f6d-0272772514f4

web.nvd.nist.gov

arbitrary file creation

papercut ng/mf

windows servers

web print

web-print.exe process

denial of service

cve-2024-8405

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

29.6%

JSON

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack.

Note:

This CVE has been split from CVE-2024-4712.

References

www.papercut.com/kb/Main/Security-Bulletin-May-2024/

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

29.6%

JSON

Related for NVD:CVE-2024-8405