CVE-2024-1882

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1882
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 Vendor Advisory
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

23 Jan 2025, 20:30

Type Values Removed Values Added
CPE cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
CWE NVD-CWE-Other
First Time Papercut
Microsoft windows
Microsoft
Linux
Apple
Linux linux Kernel
Papercut papercut Ng
Apple macos
Papercut papercut Mf
References () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - Vendor Advisory

21 Nov 2024, 08:51

Type Values Removed Values Added
References () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 -

26 Sep 2024, 04:15

Type Values Removed Values Added
CWE CWE-74 CWE-76
Summary
  • (es) Esta vulnerabilidad permite que un usuario administrador ya autenticado cree un payload malicioso que podría aprovecharse para la ejecución remota de código en el servidor que aloja el servidor de aplicaciones PaperCut NG/MF.
Summary (en) This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server. (en) This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.

14 Mar 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-14 04:15

Updated : 2025-01-23 20:30

NVD link : CVE-2024-1882

Mitre link : CVE-2024-1882

CVE.ORG link : CVE-2024-1882

JSON object : View

Products Affected

papercut

  • papercut_ng
  • papercut_mf

linux

  • linux_kernel

microsoft

  • windows

apple

  • macos
CWE
CWE-76

Improper Neutralization of Equivalent Special Elements

NVD-CWE-Other