Arbitrary File Creation Vulnerability
CVE-2024-8405

5.5 MEDIUM

Key Information:

Vendor: PaperCut
Status: PaperCut NG, PaperCut MF
CVE Published: 26 September 2024

Summary

An arbitrary file creation flaw in PaperCut NG/MF affects Windows server installations that have the Web Print feature enabled. The vulnerability lies in the web-print.exe process, which can be manipulated into creating files that should not exist when it is fed a specially crafted payload. This can lead to excessive disk space usage, potentially culminating in a Denial of Service (DoS) condition that disrupts normal operation of the affected server. Organizations running PaperCut on Windows should review their configurations to mitigate potential exploitation.

Affected Version(s)

PaperCut NG, PaperCut MF on Windows: versions before 23.0.9

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Amol Dosanjh of Trend Micro