7.2
CVE-2024-1654
- EPSS 1.31%
- Veröffentlicht 14.03.2024 03:15:08
- Zuletzt bearbeitet 23.01.2025 20:29:56
- Quelle eb41dac7-0af8-4f84-9f6d-027277
- CVE-Watchlists
- Unerledigt
LoginUnauthorized write operations in PaperCut NG/MF
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Papercut ≫ Papercut Mf Version < 20.1.10
Papercut ≫ Papercut Mf Version >= 21.0.0 < 21.2.14
Papercut ≫ Papercut Mf Version >= 22.0.0 < 22.1.5
Papercut ≫ Papercut Mf Version >= 23.0.1 < 23.0.7
Papercut ≫ Papercut Ng Version < 20.1.10
Papercut ≫ Papercut Ng Version >= 21.0.0 < 21.2.14
Papercut ≫ Papercut Ng Version >= 22.0.0 < 22.1.5
Papercut ≫ Papercut Ng Version >= 23.0.1 < 23.0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.31% | 0.669 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| eb41dac7-0af8-4f84-9f6d-0272772514f4 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-183 Permissive List of Allowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024