What is the severity of CVE-2024-4712?

CVE-2024-4712 has been assigned a severity rating that indicates a critical risk due to its potential to allow arbitrary file creation on affected systems.

How do I fix CVE-2024-4712?

To fix CVE-2024-4712, users should apply the latest security patch provided by PaperCut for versions prior to 23.0.9.

Which versions of PaperCut are affected by CVE-2024-4712?

CVE-2024-4712 affects PaperCut NG and MF versions prior to 23.0.9 on Windows servers with Web Print enabled.

What are the potential impacts of exploiting CVE-2024-4712?

Exploitation of CVE-2024-4712 could allow an attacker to create arbitrary files on the server, potentially leading to further system compromise.

Is there a specific operating system affected by CVE-2024-4712?

Yes, CVE-2024-4712 specifically affects Windows servers that are running PaperCut NG or MF with Web Print enabled.

Vulnerability/
CVE-2024-4712

high

7.8

CWE

EPSS

0.043%

14/5/2024

30/1/2025

CVE-2024-4712: Arbitrary File Creation in PaperCut NG/MF Web Print Image Handler

First published: Tue May 14 2024(Updated: )

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead to local privilege escalation. Note: This CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server.

Credit: eb41dac7-0af8-4f84-9f6d-0272772514f4

Affected Software	Affected Version	How to fix
PaperCut MF
All of
Any of
PaperCut MF	<23.0.9
PaperCut NG	<23.0.9
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-4712?
CVE-2024-4712 has been assigned a severity rating that indicates a critical risk due to its potential to allow arbitrary file creation on affected systems.
How do I fix CVE-2024-4712?
To fix CVE-2024-4712, users should apply the latest security patch provided by PaperCut for versions prior to 23.0.9.
Which versions of PaperCut are affected by CVE-2024-4712?
CVE-2024-4712 affects PaperCut NG and MF versions prior to 23.0.9 on Windows servers with Web Print enabled.
What are the potential impacts of exploiting CVE-2024-4712?
Exploitation of CVE-2024-4712 could allow an attacker to create arbitrary files on the server, potentially leading to further system compromise.
Is there a specific operating system affected by CVE-2024-4712?
Yes, CVE-2024-4712 specifically affects Windows servers that are running PaperCut NG or MF with Web Print enabled.

agent/type
agent/first-publish-date
agent/author
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/severity
agent/weakness
agent/description
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
source/NVD
vendor/papercut
canonical/papercut mf
canonical/papercut ng
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.