Lucene search

Veracode Vulnerability DatabaseVERACODE:44892

HistoryDec 28, 2023 - 3:23 p.m.

Improper Input Validation

2023-12-2815:23:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cups

input validation

ansi escape

vulnerability

arbitrary code

crafted printer name

software

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.014

Percentile

86.3%

JSON

CUPS is vulnerable to Improper Input Validation. The vulnerability is due to improper filtering of ANSI escape sequences from shared printer names. This issue can be exploited by an attacker to execute arbitrary code via a crafted printer name.

References

bugzilla.suse.com/show_bug.cgi?id=923909

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.014

Percentile

86.3%

JSON

Related for VERACODE:44892