CVE-2024-8405

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*

History

03 Oct 2024, 00:51

Type Values Removed Values Added
CPE cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
References () https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/ - () https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/ - Vendor Advisory
First Time Papercut papercut Ng
Papercut
Papercut papercut Mf
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 5.5

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de creación de archivos arbitrarios en PaperCut NG/MF que solo afecta a los servidores Windows con Web Print habilitado. Esta falla específica existe dentro del proceso web-print.exe, que puede crear incorrectamente archivos que no existen cuando se proporciona un payload malicioso. Esto se puede utilizar para inundar el espacio del disco y provocar un ataque de denegación de servicio (DoS). Nota: esta CVE se ha separado de CVE-2024-4712.

26 Sep 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 02:15

Updated : 2024-10-03 00:51


NVD link : CVE-2024-8405

Mitre link : CVE-2024-8405

CVE.ORG link : CVE-2024-8405


JSON object : View

Products Affected

papercut

  • papercut_mf
  • papercut_ng
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')