CVE-2024-1223

Summary

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.

Affected Software

VendorProductVersion RangeStatus
PaperCutPaperCut NG, PaperCut MF0 < 23.0.7affected
PaperCutPaperCut NG, PaperCut MF0 < 22.1.5affected
PaperCutPaperCut NG, PaperCut MF0 < 21.2.14affected
PaperCutPaperCut NG, PaperCut MF0 < 20.1.10affected

Weaknesses

  • CWE-488: CWE-488: Exposure of Data Element to Wrong Session

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References