CVE-2024-1654

EUVD-2024-17389
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
papercutpapercut_mf
𝑥
< 20.1.10
papercutpapercut_mf
21.0.0 ≤
𝑥
< 21.2.14
papercutpapercut_mf
22.0.0 ≤
𝑥
< 22.1.5
papercutpapercut_mf
23.0.1 ≤
𝑥
< 23.0.7
papercutpapercut_ng
𝑥
< 20.1.10
papercutpapercut_ng
21.0.0 ≤
𝑥
< 21.2.14
papercutpapercut_ng
22.0.0 ≤
𝑥
< 22.1.5
papercutpapercut_ng
23.0.1 ≤
𝑥
< 23.0.7
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
papercutpapercut_mf
𝑥
< 23.0.7
ADP
papercutpapercut_mf
𝑥
< 22.1.5
ADP
papercutpapercut_mf
𝑥
< 21.2.14
ADP
papercutpapercut_mf
𝑥
< 20.1.10
ADP
papercutpapercut_ng
𝑥
< 23.0.7
ADP
papercutpapercut_ng
𝑥
< 22.1.5
ADP
papercutpapercut_ng
𝑥
< 21.2.14
ADP
papercutpapercut_ng
𝑥
< 20.1.10
ADP
Common Weakness Enumeration
References
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024