CVE-2024-45062

A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would need to be connected to the vulnerable system over USB.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071	Exploit Third Party Advisory Mitigation

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:openprinting:ippusbxd_firmware:1.34:*:*:*:*:*:*:*

cpe:2.3:h:openprinting:ippusbxd:-:*:*:*:*:*:*:*

History

22 Aug 2025, 21:06

Type	Values Removed	Values Added
CPE		cpe:2.3:h:openprinting:ippusbxd:-:::::::* cpe:2.3:o:openprinting:ippusbxd_firmware:1.34:::::::*
First Time		Openprinting ippusbxd Openprinting Openprinting ippusbxd Firmware
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071 - Exploit, Third Party Advisory, Mitigation

20 Aug 2025, 14:40

Type	Values Removed	Values Added
Summary		(es) OpenPrinting ippusbxd 1.34 presenta una vulnerabilidad de desbordamiento de búfer basada en pila. Una impresora configurada específicamente para IPP a través de USB puede causar un desbordamiento de búfer, lo que puede provocar la ejecución de código arbitrario en un servicio privilegiado. Para activar la vulnerabilidad, un dispositivo malicioso debería estar conectado al sistema vulnerable a través de USB.

19 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-19 14:15

Updated : 2025-08-22 21:06

NVD link : CVE-2024-45062

Mitre link : CVE-2024-45062

CVE.ORG link : CVE-2024-45062

JSON object : View

Products Affected

openprinting

ippusbxd
ippusbxd_firmware

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2024-45062", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2025-08-19T14:15:36.323", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would need to be connected to the vulnerable system over USB."}, {"lang": "es", "value": "OpenPrinting ippusbxd 1.34 presenta una vulnerabilidad de desbordamiento de b\u00fafer basada en pila. Una impresora configurada espec\u00edficamente para IPP a trav\u00e9s de USB puede causar un desbordamiento de b\u00fafer, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en un servicio privilegiado. Para activar la vulnerabilidad, un dispositivo malicioso deber\u00eda estar conectado al sistema vulnerable a trav\u00e9s de USB."}], "lastModified": "2025-08-22T21:06:12.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:openprinting:ippusbxd_firmware:1.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38C7602C-1871-48B7-A578-399038183963"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:openprinting:ippusbxd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1639C23B-7CD6-49DB-9D0A-8620668F8195"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}