CVE-2024-8405

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Sep 26, 2024 / Updated: 55d ago

010
CVSS 5.5EPSS 0.04%Medium
CVE info copied to clipboard

Summary

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don't exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack.

Impact

The primary impact of this vulnerability is on system availability. An attacker with low privileges and local access can exploit this vulnerability to flood disk space, potentially leading to a Denial of Service (DoS) condition. This could significantly disrupt operations for affected Windows servers running PaperCut NG/MF with Web Print enabled. The vulnerability does not directly affect data confidentiality or integrity.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. PaperCut has released version 23.0.9 which addresses this vulnerability. All versions of PaperCut NG and PaperCut MF prior to 23.0.9 are affected and should be updated.

Mitigation

1. Update PaperCut NG/MF to version 23.0.9 or later. 2. If immediate patching is not possible, consider temporarily disabling Web Print functionality on affected Windows servers. 3. Implement strict access controls to limit local access to the server running PaperCut NG/MF. 4. Monitor disk space usage closely for any unusual spikes that could indicate an exploitation attempt. 5. Ensure that user privileges are set to the minimum required for their roles to reduce the risk of exploitation.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-8405

Sep 26, 2024 at 2:15 AM
First Article

Feedly found the first article mentioning CVE-2024-8405. See article

Sep 26, 2024 at 2:21 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Sep 26, 2024 at 2:25 AM
CVSS

A CVSS base score of 5.5 has been assigned.

Oct 3, 2024 at 12:55 AM / nvd
Threat Intelligence Report

The article does not provide specific details about the vulnerability CVE-2024-8405, including its criticality, exploitation in the wild, proof-of-concept exploits, mitigations, detections, or downstream impacts. It mentions that CVE-2024-8404 and CVE-2024-8405 are related vulnerabilities attributed to different reporters but does not elaborate further. For remediation, it is advised to upgrade to PaperCut MF version 23.0.9 or later. See article

Oct 16, 2024 at 8:22 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (209140)

Oct 16, 2024 at 9:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (209141)

Oct 16, 2024 at 9:15 PM
Static CVE Timeline Graph

Affected Systems

Papercut/papercut_mf
+null more

Patches

www.papercut.com
+null more

Attack Patterns

CAPEC-136: LDAP Injection
+null more

References

PaperCut MF < 23.0.9 Multiple Vulnerabilities
Nessus Plugin ID 209141 with High Severity Synopsis PaperCut MF installed on remote Windows host is affected by a multiple vulnerabilities Description The version of PaperCut MF installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server. The attacker can leverage this attack by creating a symbolic link, and use this service to delete the file the link is pointing to. (CVE-2024-3037) - This vulnerability could potentially allow the creation of files in specific locations used by the Web Print service. This vulnerability only applies to PaperCut NG/MF Windows servers with the PaperCut Web Print Server service enabled and uses the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. (CVE-2024-4712) - CVE-2024-8404 and CVE-2024-8405 have been split to allow the researchers (Trend Micro ZDI) to attribute two instances of the same vulnerability type to different reporters. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Upgrade to PaperCut MF version 23.0.9 or later. Read more at https://www.tenable.com/plugins/nessus/209141

News

PaperCut MF < 23.0.9 Multiple Vulnerabilities
Nessus Plugin ID 209141 with High Severity Synopsis PaperCut MF installed on remote Windows host is affected by a multiple vulnerabilities Description The version of PaperCut MF installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server. The attacker can leverage this attack by creating a symbolic link, and use this service to delete the file the link is pointing to. (CVE-2024-3037) - This vulnerability could potentially allow the creation of files in specific locations used by the Web Print service. This vulnerability only applies to PaperCut NG/MF Windows servers with the PaperCut Web Print Server service enabled and uses the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. (CVE-2024-4712) - CVE-2024-8404 and CVE-2024-8405 have been split to allow the researchers (Trend Micro ZDI) to attribute two instances of the same vulnerability type to different reporters. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Upgrade to PaperCut MF version 23.0.9 or later. Read more at https://www.tenable.com/plugins/nessus/209141
ZDI-24-1314: PaperCut NG pc-web-print Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2024-8405.
NA - CVE-2024-8405 - An arbitrary file creation vulnerability exists...
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can...
CVE-2024-8405
Gravedad 3.1 (CVSS 3.1 Base Score) Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Arbitrary File Creation in PaperCut NG/MF Web Print leading to a Denial of Service attack
Papercut - MEDIUM - CVE-2024-8405 An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712.
See 5 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI