CVE

CVE-2024-4712

CVE

CVE-2024-4712

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead to local privilege escalation.

Note:

This CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.8

3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/, https://www.papercut.com/kb/Main/security-bulletin-may-2024/

Severity

7.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.8

EPSS Probability

0.00389%

EPSS Percentile

0.59612%

Introduced Version

Fix Available

587db8f73e10b087cec2bb3535c70f0bc9667952

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2024-4712

CVE-2024-4712

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.8

Basic Information

Fix Critical Vulnerabilities Instantly