CVE-2024-1223 MEDIUM

CVE-2024-1223: Improper authorization controls in PaperCut NG/MF

Vendor Papercut
Product PaperCut NG, PaperCut MF
Weakness CWE-488
Published March 14, 2024
Last update September 26, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.

Key dates

02Disclosure timeline

March 14, 2024 CVE published
September 26, 2024 Record updated