Skip to main content

Papercut Mf CVE-2024-1882

HIGH
Improper Neutralization of Equivalent Special Elements (CWE-76)
2024-03-14 eb41dac7-0af8-4f84-9f6d-0272772514f4
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 14, 2024 - 04:15 nvd
HIGH 7.2

DescriptionNVD

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.

AnalysisAI

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-76. This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server. Affected products include: Papercut Papercut Mf, Papercut Papercut Ng.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-27350 CRITICAL POC
9.8 Apr 20

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui

CVE-2023-39143 CRITICAL POC
9.8 Aug 04

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete

CVE-2023-2533 HIGH POC
8.8 Jun 20

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific condition

CVE-2024-1222 CRITICAL
9.8 Mar 14

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated

CVE-2019-12135 CRITICAL
9.8 Jun 06

An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19

CVE-2019-8948 CRITICAL
9.8 Feb 20

PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. Rat

CVE-2024-8404 HIGH
7.8 Sep 26

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print

CVE-2024-4712 HIGH
7.8 May 14

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabl

CVE-2024-3037 HIGH
7.8 May 14

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print

CVE-2014-2657 HIGH
7.5 Apr 28

Unspecified vulnerability in the print release functionality in PaperCut MF before 14.1 (Build 26983) has unknown impact

CVE-2023-3486 HIGH
7.5 Jul 25

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated att

CVE-2024-1654 HIGH
7.2 Mar 14

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. Rated high

Share

CVE-2024-1882 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy