fkie_cve-2024-8404
Vulnerability from fkie_nvd
Published
2024-09-26 02:15
Modified
2024-10-03 15:19
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder.
Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.
Note:
This CVE has been split from CVE-2024-3037.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| eb41dac7-0af8-4f84-9f6d-0272772514f4 | https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| papercut | papercut_mf | * | |
| papercut | papercut_ng | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE8A9B5-11C6-4FE2-B672-0EC6EF8075CC",
"versionEndExcluding": "23.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA96610E-7518-4215-B5FF-1B4444BE2DA4",
"versionEndExcluding": "23.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. \n\nImportant: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.\n\nNote: \n\nThis CVE has been split from CVE-2024-3037."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en PaperCut NG/MF, que afecta espec\u00edficamente a servidores Windows con Web Print habilitado. Para explotar esta vulnerabilidad, un atacante primero debe obtener acceso de inicio de sesi\u00f3n local al servidor Windows que aloja PaperCut NG/MF y ser capaz de ejecutar c\u00f3digo con privilegios bajos directamente en el servidor a trav\u00e9s de la carpeta activa de impresi\u00f3n web. Importante: En la mayor\u00eda de las instalaciones, este riesgo se mitiga con la configuraci\u00f3n predeterminada de Windows Server, que restringe el acceso de inicio de sesi\u00f3n local solo a los administradores. Sin embargo, esta vulnerabilidad podr\u00eda representar un riesgo para los clientes que permiten que usuarios no administrativos inicien sesi\u00f3n en la consola local del entorno Windows que aloja el servidor de aplicaciones PaperCut NG/MF. Nota: Esta CVE se ha separado de CVE-2024-3037."
}
],
"id": "CVE-2024-8404",
"lastModified": "2024-10-03T15:19:28.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-26T02:15:02.797",
"references": [
{
"source": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"tags": [
"Vendor Advisory"
],
"url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/"
}
],
"sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.