Cyber Resilience

CVE-2024-48394

High

Published: 05 February 2025

Published
05 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 11.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-48394 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in Ndd (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 11.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2024-48394 is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, mapped to CWE-367, in the driver of the NDD Print solution. It affects version 5.24.3 and earlier of the software. The issue enables an unprivileged user to exploit the flaw and gain SYSTEM-level access on the device. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-02-05.

A local attacker with low privileges, such as an unprivileged user on the system, can exploit this vulnerability. Exploitation requires low complexity and no user interaction. Successful attacks allow the attacker to achieve high impacts across confidentiality, integrity, and availability, culminating in full SYSTEM-level privilege escalation on the affected device.

Mitigation details are available in the vendor advisory at https://helpcenter-nddprint.ndd.tech/pt/seguranca-e-compliance/Current/dezembro-2024#0.

EU & UK References

Vulnerability details

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.24.3 and…

more

before of the software.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

TOCTOU race condition in local driver directly enables local privilege escalation from unprivileged user to SYSTEM.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-53028Shared CWE-367
CVE-2026-41651Shared CWE-367
CVE-2026-41702Shared CWE-367
CVE-2026-27750Shared CWE-367
CVE-2026-21240Shared CWE-367
CVE-2026-45208Shared CWE-367
CVE-2024-45560Shared CWE-367
CVE-2023-20548Shared CWE-367
CVE-2024-53032Shared CWE-367
CVE-2026-20831Shared CWE-367

Affected Assets

Ndd
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the TOCTOU vulnerability by requiring timely identification, reporting, and correction through vendor patches for affected NDD Print driver versions 5.24.3 and earlier.

prevent

Enforces least privilege on processes including drivers, limiting the scope and impact of privilege escalation from unprivileged user to SYSTEM-level access.

prevent

Mandates robust enforcement of access authorizations, addressing the flawed time-of-check to time-of-use logic in the print driver that enables unauthorized SYSTEM access.

References