PT-2024-6705 · Unknown · Papercut Ng/Mf

Amol Dosanjh · Published 2024-05-14 · Updated 2025-01-30 · CVE-2024-8405

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF versions with Web Print enabled
Description: The issue is an arbitrary file creation vulnerability in PaperCut NG/MF that affects Windows servers with Web Print enabled. The vulnerability exists within the web-print.exe process and can be exploited by providing a maliciously formed payload, which allows an attacker to create files that do not already exist. This can lead to a Denial of Service (DoS) by filling disk space.
Recommendations: For PaperCut NG/MF versions with Web Print enabled, consider disabling the Web Print feature until a patch is available to prevent exploitation of the arbitrary file creation vulnerability. As a temporary workaround, restrict access to the web-print.exe process to minimize the risk of a Denial of Service (DoS) attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-07918
CVE-2024-8405
ZDI-24-1314

Affected Products

Papercut Ng/Mf