CVE-2024-48394

High

Published: 05 February 2025

Published

05 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0004 11.1th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.24.3 and before of the software.

Security Summary

CVE-2024-48394 is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, mapped to CWE-367, in the driver of the NDD Print solution. It affects version 5.24.3 and earlier of the software. The issue enables an unprivileged user to exploit the flaw and gain SYSTEM-level access on the device. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-02-05.

A local attacker with low privileges, such as an unprivileged user on the system, can exploit this vulnerability. Exploitation requires low complexity and no user interaction. Successful attacks allow the attacker to achieve high impacts across confidentiality, integrity, and availability, culminating in full SYSTEM-level privilege escalation on the affected device.

Mitigation details are available in the vendor advisory at https://helpcenter-nddprint.ndd.tech/pt/seguranca-e-compliance/Current/dezembro-2024#0.

Details

CWE(s): CWE-367

References

https://helpcenter-nddprint.ndd.tech/pt/seguranca-e-compliance/Current/dezembro-2024#0
cve@mitre.org