
Exploit
CVE-2024-1221

Improper Input Validation (CWE-20)

Published: Mar 14, 2024 / Updated: 8mo ago

CVSS 3.1 / EPSS 0.04% / Low

Summary

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PaperCut NG. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the upload endpoint. By uploading a symbolic link, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose information in the context of root.

Impact

This vulnerability has a high impact on confidentiality. Attackers can potentially access and read sensitive information stored on the affected system, including data that should only be accessible to users with root privileges. This could lead to exposure of critical system information, user data, or other confidential content. The vulnerability has a CVSS base score of 6.5, which is considered medium severity. However, the confidentiality impact is rated as HIGH, indicating significant potential for data exposure.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.

Patch

PaperCut has issued an update to correct this vulnerability. More details can be found at: https://www.papercut.com/kb/Main/Security-Bulletin-March-2024

Mitigation

1. Apply the patch provided by PaperCut as soon as possible.
2. Monitor and audit file upload activities, especially those targeting the upload endpoint.
3. Implement strong authentication mechanisms and regularly review and update access controls.
4. Consider implementing additional security measures such as input validation and sanitization for file uploads.
5. Regularly monitor system logs for any suspicious activities related to file access or information disclosure.
6. If immediate patching is not possible, consider temporarily disabling or restricting access to the upload functionality until the patch can be applied.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Timeline

CVE Assignment (Mar 13, 2024 at 8:15 PM): NVD published the first details for CVE-2024-1221.

First Article (Mar 14, 2024 at 3:21 AM / National Vulnerability Database): Feedly found the first article mentioning CVE-2024-1221.

EPSS (Mar 14, 2024 at 5:07 PM): EPSS Score was set to: 0.04% (Percentile: 7.2%)

Detection in Vulnerability Scanners (Mar 18, 2024 at 12:00 AM): Detection for the vulnerability has been added to Qualys (379515)

CVSS Estimate (Jun 18, 2024 at 8:16 PM): Feedly estimated the CVSS score as MEDIUM

CVSS (Sep 26, 2024 at 4:20 AM / nvd): A CVSS base score of 3.1 has been assigned.

Affected Systems

Apple/macos

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-780/

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

Vendor Advisory

ZDI-24-780: PaperCut NG upload Link Following Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PaperCut NG. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-1221.

News

Update Fri Mar 22 02:01:44 UTC 2024
Update Wed Mar 20 02:01:01 UTC 2024
Multiple vulnerabilities in PaperCut NG/MF
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. The vulnerability exists due to improper access restrictions at certain API endpoints.
PaperCut NG/MF Security Bulletin
(also known as “ZDI-CAN-23116” by Trend Micro) This vulnerability could potentially allow an attacker to make an HTTP request look like it came from a PaperCut NG/MF application server. (also known as “ZDI-CAN-22328” by Trend Micro) This vulnerability potentially allows an attacker who already has authenticated access to the admin console to carry out unauthorized write operations which may lead to remote code execution.

CVSS V3.1

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability Impact: None
