Lucene search

PaperCutVULNRICHMENT:CVE-2024-8405

HistorySep 26, 2024 - 1:36 a.m.

CVE-2024-8405 Arbitrary File Creation in PaperCut NG/MF Web Print leading to a Denial of Service attack

2024-09-2601:36:26

CWE-77

PaperCut

github.com

cve-2024-8405

arbitrary file creation

papercut ng/mf

windows servers

web print

denial of service

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score

6.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack.

Note:

This CVE has been split from CVE-2024-4712.

References

www.papercut.com/kb/Main/Security-Bulletin-May-2024/

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score

6.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-8405