Arbitrary File Deletion Vulnerability in PaperCut NG/MF
CVE-2024-8404
Summary
An arbitrary file deletion vulnerability has been identified in PaperCut NG/MF, impacting Windows servers when the Web Print feature is enabled. To exploit this vulnerability, an attacker needs to have local login access to the affected Windows Server and the capability to execute low-privilege code via the web-print-hot-folder feature. The risk is primarily associated with scenarios where non-administrative users are granted local console access on the Windows environment hosting the PaperCut application server. It is important to note that within default Windows Server configurations, such access is typically limited to Administrative accounts, thereby reducing the risk of potential exploitation.
Affected Version(s)
PaperCut NG, PaperCut MF Windows 0 < 23.0.9
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved