CVE-2024-1223

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1223
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.

4.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 Vendor Advisory
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

23 Jan 2025, 20:29

Type Values Removed Values Added
First Time Papercut
Microsoft windows
Microsoft
Linux
Apple
Linux linux Kernel
Papercut papercut Ng
Apple macos
Papercut papercut Mf
References () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - Vendor Advisory
CPE cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
CWE NVD-CWE-Other

21 Nov 2024, 08:50

Type Values Removed Values Added
References () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 -

26 Sep 2024, 04:15

Type Values Removed Values Added
Summary
  • (es) Esta vulnerabilidad permite potencialmente la enumeración no autorizada de información de las API del dispositivo integrado. Un atacante ya debe tener conocimiento de alguna combinación de nombres de usuario válidos, nombres de dispositivos y una clave interna del sistema. Para que un ataque de este tipo tenga éxito, el sistema debe estar en un estado de ejecución específico.
CWE CWE-200 CWE-488

14 Mar 2024, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-14 03:15

Updated : 2025-01-23 20:29

NVD link : CVE-2024-1223

Mitre link : CVE-2024-1223

CVE.ORG link : CVE-2024-1223

JSON object : View

Products Affected

papercut

  • papercut_ng
  • papercut_mf

linux

  • linux_kernel

microsoft

  • windows

apple

  • macos
CWE
CWE-488

Exposure of Data Element to Wrong Session

NVD-CWE-Other