CVE-2024-1654

Summary

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.

Affected Software

VendorProductVersion RangeStatus
PaperCutPaperCut NG, PaperCut MF0 < 23.0.7affected
PaperCutPaperCut NG, PaperCut MF0 < 22.1.5affected
PaperCutPaperCut NG, PaperCut MF0 < 21.2.14affected
PaperCutPaperCut NG, PaperCut MF0 < 20.1.10affected

Weaknesses

  • CWE-183: CWE-183 Permissive List of Allowed Inputs

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References