SB2024061721 - Multiple vulnerabilities in PaperCut NG/MF
Published: June 17, 2024 Updated: October 3, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2024-3037)
The vulnerability allows a local user to delete arbitrary files.
The vulnerability exists due to improper access restrictions. A local user member of a domain admin group can delete arbitrary files on the system.
The vulnerability affects Windows servers with Web Print enabled.
2) Improper access control (CVE-ID: CVE-2024-4712)
The vulnerability allows a local user to create arbitrary files.
The vulnerability exists due to improper access restrictions. A local user member of a domain admin group can create arbitrary files on the system in specific locations used by the Web Print service.
The vulnerability affects Windows servers with Web Print enabled.
3) Improper access control (CVE-ID: CVE-2024-8405)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A local user member of a domain admin group can create arbitrary files on the system in specific locations used by the Web Print service and perform a denial of service (DoS) attack.
The vulnerability affects Windows servers with Web Print enabled.
4) Improper access control (CVE-ID: CVE-2024-8404)
The vulnerability allows a local user to delete arbitrary files.
The vulnerability exists due to improper access restrictions. A local user member of a domain admin group can delete arbitrary files on the system via the web-print-hot-folder.
The vulnerability affects Windows servers with Web Print enabled.
Remediation
Install update from vendor's website.