Lucene search

PaperCutVULNRICHMENT:CVE-2024-1223

HistoryMar 14, 2024 - 3:04 a.m.

CVE-2024-1223 Improper authorization controls in PaperCut NG/MF

2024-03-1403:04:43

CWE-488

PaperCut

github.com

improper authorization

papercut ng/mf

unauthorized enumeration

embedded device apis

runtime state

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

4.8

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.

References

www.papercut.com/kb/Main/Security-Bulletin-March-2024

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

4.8

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1223