CVE-2024-1221

2024-03-1403:15:06

CWE-76

eb41dac7-0af8-4f84-9f6d-0272772514f4

web.nvd.nist.gov

vulnerability

papercut

cve-2024-1221

linux

macos

api

endpoint

exposure

server

payload

reconnaissance

system token

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

28.8%

JSON

This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.