Vulners
Lucene search
PaperCut NG < 23.0.9 Multiple Vulnerabilities
| Reporter | Title | Published | Views | Family All 41 |
|---|---|---|---|---|
 | The vulnerability of the printing control software in PaperCut MF and PaperCut NG lies in the incorrect definition of the link before accessing a file, allowing a violator to delete arbitrary data. | 3 Oct 202400:00 | – | bdu_fstec |
| The vulnerability of the web printing function in the control systems for printing in PaperCut MF and PaperCut NG allows a violator to trigger a service failure. | 10 Oct 202400:00 | – | bdu_fstec |
 | CVE-2024-3037 | 26 Sep 202404:35 | – | circl |
| CVE-2024-4712 | 26 Sep 202404:35 | – | circl |
| CVE-2024-8404 | 26 Sep 202404:35 | – | circl |
| CVE-2024-8405 | 26 Sep 202404:35 | – | circl |
 | PaperCut NG和PaperCut MF 后置链接漏洞 | 14 May 202400:00 | – | cnnvd |
| PaperCut NG和PaperCut MF 后置链接漏洞 | 14 May 202400:00 | – | cnnvd |
| PaperCut NG/MF 安全漏洞 | 26 Sep 202400:00 | – | cnnvd |
| PaperCut NG/MF 后置链接漏洞 | 26 Sep 202400:00 | – | cnnvd |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(209140);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/27");
script_cve_id(
"CVE-2024-3037",
"CVE-2024-4712",
"CVE-2024-8404",
"CVE-2024-8405"
);
script_name(english:"PaperCut NG < 23.0.9 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"PaperCut NG installed on remote Windows host is affected by a multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The version of PaperCut NG installed on the remote Windows host is affected by multiple vulnerabilities, as follows:
- An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with
Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the
Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server. The
attacker can leverage this attack by creating a symbolic link, and use this service to delete the file the link
is pointing to. (CVE-2024-3037)
- This vulnerability could potentially allow the creation of files in specific locations used by the Web Print
service. This vulnerability only applies to PaperCut NG/MF Windows servers with the PaperCut Web Print Server
service enabled and uses the image-handler process, which can incorrectly create files that donât exist when a
maliciously formed payload is provided. (CVE-2024-4712)
- CVE-2024-8404 and CVE-2024-8405 have been split to allow the researchers (Trend Micro ZDI) to attribute two
instances of the same vulnerability type to different reporters.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.papercut.com/kb/Main/Security-Bulletin-May-2024");
script_set_attribute(attribute:"solution", value:
"Upgrade to PaperCut NG version 23.0.9 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-8404");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/14");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/10/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:papercut:papercut_ng");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2024-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("papercut_ng_win_installed.nbin");
script_require_keys("installed_sw/PaperCut NG", "SMB/Registry/Enumerated");
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
'metadata': {'spec_version': '1.0'},
'requires': [
{'scope': 'target', 'match': {'os': 'windows'}}
],
'checks': [
{
'product': {'name': 'PaperCut NG', 'type': 'app'},
'check_algorithm': 'default',
'constraints': [
{'fixed_version': '23.0.9'}
]
}
]
};
var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result:result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Mar 2026 00:00Current
7High risk
Vulners AI Score7
CVSS 3.17.8
EPSS0.00209
SSVC