CVE-2024-1223

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024	Vendor Advisory
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:papercut:papercut_mf::::::::
	cpe:2.3:a:papercut:papercut_mf::::::::
	cpe:2.3:a:papercut:papercut_mf::::::::
	cpe:2.3:a:papercut:papercut_mf::::::::
	cpe:2.3:a:papercut:papercut_ng::::::::
	cpe:2.3:a:papercut:papercut_ng::::::::
	cpe:2.3:a:papercut:papercut_ng::::::::
	cpe:2.3:a:papercut:papercut_ng::::::::

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

23 Jan 2025, 20:29

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:a:papercut:papercut_mf:::::::: cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:papercut:papercut_ng::::::::
First Time		Microsoft Papercut Linux Apple macos Microsoft windows Papercut papercut Ng Linux linux Kernel Papercut papercut Mf Apple
CWE		NVD-CWE-Other
References	~~() https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 -~~	() https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - Vendor Advisory

Information

Published : 2024-03-14 03:15

Updated : 2025-01-23 20:29

NVD link : CVE-2024-1223

Mitre link : CVE-2024-1223

CVE.ORG link : CVE-2024-1223

JSON object : View

Products Affected

apple

macos

papercut

papercut_ng
papercut_mf

linux

linux_kernel

microsoft

windows

CWE

CWE-488

Exposure of Data Element to Wrong Session

NVD-CWE-Other

{"id": "CVE-2024-1223", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}]}, "published": "2024-03-14T03:15:07.580", "references": [{"url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", "tags": ["Vendor Advisory"], "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4"}, {"url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "description": [{"lang": "en", "value": "CWE-488"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state."}, {"lang": "es", "value": "Esta vulnerabilidad permite potencialmente la enumeraci\u00f3n no autorizada de informaci\u00f3n de las API del dispositivo integrado. Un atacante ya debe tener conocimiento de alguna combinaci\u00f3n de nombres de usuario v\u00e1lidos, nombres de dispositivos y una clave interna del sistema. Para que un ataque de este tipo tenga \u00e9xito, el sistema debe estar en un estado de ejecuci\u00f3n espec\u00edfico."}], "lastModified": "2025-01-23T20:29:14.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87E57A99-6580-4C5D-AD49-2C77153698B5", "versionEndExcluding": "20.1.10"}, {"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC862C5A-C51D-455A-BA4C-62AF4B5593D6", "versionEndExcluding": "21.2.14", "versionStartIncluding": "21.0.0"}, {"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B444455-3DE9-4268-AED3-9457016B833F", "versionEndExcluding": "22.1.5", "versionStartIncluding": "22.0.0"}, {"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06311316-1937-41A4-BEE2-57F7C4F6B6BC", "versionEndExcluding": "23.0.7", "versionStartIncluding": "23.0.1"}, {"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7A1BAB4-D3AC-4A06-B2AB-E46DED8CB19D", "versionEndExcluding": "20.1.10"}, {"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "570DCFBC-7689-4E77-A8BF-8F310545EDE3", "versionEndExcluding": "21.2.14", "versionStartIncluding": "21.0.0"}, {"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "728ECAA8-FE3E-4F6D-8862-AF0C100C6699", "versionEndExcluding": "22.1.5", "versionStartIncluding": "22.0.0"}, {"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7155AC1E-E4C8-4EF5-B593-7C924AF0C625", "versionEndExcluding": "23.0.7", "versionStartIncluding": "23.0.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4"}