Skip to main content

Papercut Mf CVE-2024-1884

MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2024-03-14 eb41dac7-0af8-4f84-9f6d-0272772514f4
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 14, 2024 - 04:15 nvd
MEDIUM 6.5

DescriptionNVD

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

AnalysisAI

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. Affected products include: Papercut Papercut Mf, Papercut Papercut Ng.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2023-27350 CRITICAL POC
9.8 Apr 20

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui

CVE-2023-39143 CRITICAL POC
9.8 Aug 04

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete

CVE-2023-2533 HIGH POC
8.8 Jun 20

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific condition

CVE-2024-1222 CRITICAL
9.8 Mar 14

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated

CVE-2019-12135 CRITICAL
9.8 Jun 06

An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19

CVE-2019-8948 CRITICAL
9.8 Feb 20

PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. Rat

CVE-2024-8404 HIGH
7.8 Sep 26

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print

CVE-2024-4712 HIGH
7.8 May 14

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabl

CVE-2024-3037 HIGH
7.8 May 14

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print

CVE-2014-2657 HIGH
7.5 Apr 28

Unspecified vulnerability in the print release functionality in PaperCut MF before 14.1 (Build 26983) has unknown impact

CVE-2023-3486 HIGH
7.5 Jul 25

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated att

CVE-2024-1882 HIGH
7.2 Mar 14

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for

Share

CVE-2024-1884 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy