CVE-2024-1654 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
PaperCut	CNA	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Vendor	Product	Version
papercut	papercut_mf	𝑥 < 20.1.10
papercut	papercut_mf	21.0.0 ≤ 𝑥 < 21.2.14
papercut	papercut_mf	22.0.0 ≤ 𝑥 < 22.1.5
papercut	papercut_mf	23.0.1 ≤ 𝑥 < 23.0.7
papercut	papercut_ng	𝑥 < 20.1.10
papercut	papercut_ng	21.0.0 ≤ 𝑥 < 21.2.14
papercut	papercut_ng	22.0.0 ≤ 𝑥 < 22.1.5
papercut	papercut_ng	23.0.1 ≤ 𝑥 < 23.0.7

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-183 - Permissive List of Allowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

References

https://www.papercut.com/kb/Main/Security-Bulletin-March-2024

https://www.papercut.com/kb/Main/Security-Bulletin-March-2024