Unauthorized Access to Embedded Device APIs
CVE-2024-1223

4.8 MEDIUM

Key Information:

Vendor: PaperCut
CVE Published: 14 March 2024

Summary

This vulnerability could allow an unauthorized attacker to enumerate sensitive information from the APIs of embedded devices. Successful exploitation requires prior knowledge of valid usernames, device identities, and an essential internal system key. The system must also be in a particular runtime state for enumeration to be possible, which raises the difficulty for attackers. Organizations using affected versions of PaperCut NG and MF should nevertheless assess their current security posture and implement appropriate mitigating measures.

Affected Version(s)

PaperCut NG, PaperCut MF MacOS 0

PaperCut NG, PaperCut MF MacOS 0 < 23.0.7

PaperCut NG, PaperCut MF MacOS 0 < 22.1.5

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
