216.73.217.172

CVE-2024-8404

· Published 26/09/2024 02:15 · Modified 03/10/2024 15:19

Labels: CVE-2024-8404 2024-09-26CVE-2024-8404CWE-59eb41dac7-0af8-4f84-9f6d-0272772514f4

Essential information

Published
26/09/2024 02:15
Modified
03/10/2024 15:19
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split from CVE-2024-3037.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
eb41dac7-0af8-4f84-9f6d-0272772514f4
NVD
View on NVD

Affected products (CPE)

ProductCPE
papercut / papercut mf cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
papercut / papercut ng cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*

References