{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45062", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-08-27T10:57:43.465Z", "datePublished": "2025-08-19T13:54:01.088Z", "dateUpdated": "2025-08-20T18:51:26.814Z"}, "containers": {"cna": {"affected": [{"vendor": "OpenPrinting", "product": "ippusbxd", "versions": [{"version": "1.34", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would need to be connected to the vulnerable system over USB."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE", "cweId": "CWE-121"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "PHYSICAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-08-19T13:54:01.088Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071"}], "credits": [{"lang": "en", "value": "Discovered by Aleksandar Nikolic of Cisco Talos."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-20T18:51:18.593876Z", "id": "CVE-2024-45062", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-20T18:51:26.814Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45062", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-20T18:51:18.593876Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-19T20:00:30.516Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Aleksandar Nikolic of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "OpenPrinting", "product": "ippusbxd", "versions": [{"status": "affected", "version": "1.34"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071"}], "descriptions": [{"lang": "en", "value": "A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would need to be connected to the vulnerable system over USB."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-08-19T13:54:01.088Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45062", "state": "PUBLISHED", "dateUpdated": "2025-08-20T18:51:26.814Z", "dateReserved": "2024-08-27T10:57:43.465Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2025-08-19T13:54:01.088Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openprinting:ippusbxd_firmware:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "38C7602C-1871-48B7-A578-399038183963", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:openprinting:ippusbxd:-:*:*:*:*:*:*:*", "matchCriteriaId": "1639C23B-7CD6-49DB-9D0A-8620668F8195", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would need to be connected to the vulnerable system over USB."}, {"lang": "es", "value": "OpenPrinting ippusbxd 1.34 presenta una vulnerabilidad de desbordamiento de b\u00fafer basada en pila. Una impresora configurada espec\u00edficamente para IPP a trav\u00e9s de USB puede causar un desbordamiento de b\u00fafer, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en un servicio privilegiado. Para activar la vulnerabilidad, un dispositivo malicioso deber\u00eda estar conectado al sistema vulnerable a trav\u00e9s de USB."}], "id": "CVE-2024-45062", "lastModified": "2025-08-22T21:06:12.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-08-19T14:15:36.323", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory", "Mitigation"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2071"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "talos-cna@cisco.com", "type": "Primary"}]}

{}