CVE-2024-45062 (GCVE-0-2024-45062)
Vulnerability from cvelistv5 – Published: 2025-08-19 13:54 – Updated: 2025-11-03 19:30
VLAI?
Summary
A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would need to be connected to the vulnerable system over USB.
Severity ?
6.4 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenPrinting | ippusbxd |
Affected:
1.34
|
Credits
Discovered by Aleksandar Nikolic of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45062",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T18:51:18.593876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T18:51:26.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:30:50.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2071"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ippusbxd",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "1.34"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Aleksandar Nikolic of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would need to be connected to the vulnerable system over USB."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:54:01.088Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-45062",
"datePublished": "2025-08-19T13:54:01.088Z",
"dateReserved": "2024-08-27T10:57:43.465Z",
"dateUpdated": "2025-11-03T19:30:50.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45062\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2025-08-19T14:15:36.323\",\"lastModified\":\"2025-11-03T20:16:30.013\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would need to be connected to the vulnerable system over USB.\"},{\"lang\":\"es\",\"value\":\"OpenPrinting ippusbxd 1.34 presenta una vulnerabilidad de desbordamiento de b\u00fafer basada en pila. Una impresora configurada espec\u00edficamente para IPP a trav\u00e9s de USB puede causar un desbordamiento de b\u00fafer, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en un servicio privilegiado. Para activar la vulnerabilidad, un dispositivo malicioso deber\u00eda estar conectado al sistema vulnerable a trav\u00e9s de USB.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:openprinting:ippusbxd_firmware:1.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38C7602C-1871-48B7-A578-399038183963\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:openprinting:ippusbxd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1639C23B-7CD6-49DB-9D0A-8620668F8195\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45062\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-20T18:51:18.593876Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-19T20:00:30.516Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Discovered by Aleksandar Nikolic of Cisco Talos.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"OpenPrinting\", \"product\": \"ippusbxd\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.34\"}]}], \"references\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071\", \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would need to be connected to the vulnerable system over USB.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121: Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"shortName\": \"talos\", \"dateUpdated\": \"2025-08-19T13:54:01.088Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45062\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-20T18:51:26.814Z\", \"dateReserved\": \"2024-08-27T10:57:43.465Z\", \"assignerOrgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"datePublished\": \"2025-08-19T13:54:01.088Z\", \"assignerShortName\": \"talos\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…