CVE-2024-1221
3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PaperCut | PaperCut NG, PaperCut MF | 0 < 23.0.7 | affected |
| PaperCut | PaperCut NG, PaperCut MF | 0 < 22.1.5 | affected |
| PaperCut | PaperCut NG, PaperCut MF | 0 < 21.2.14 | affected |
| PaperCut | PaperCut NG, PaperCut MF | 0 < 20.1.10 | affected |
Weaknesses
- CWE-76: CWE-76 Improper Neutralization of Equivalent Special Elements
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.