Exploit
CVE-2024-1883

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

Published: Mar 14, 2024 / Updated: 8mo ago

CVSS 6.3 | EPSS 0.04% | Medium

Summary

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut MF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handleServiceException method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system.

Impact

This vulnerability has a high severity with a CVSS v3 base score of 8.8. It allows remote attackers to bypass authentication on affected PaperCut MF installations. The impact includes high confidentiality, integrity, and availability risks. Successful exploitation could lead to unauthorized access to the system, potentially allowing attackers to view, modify, or delete sensitive information, or disrupt normal system operations.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.

Patch

PaperCut has issued an update to correct this vulnerability. More details can be found at: https://www.papercut.com/kb/Main/Security-Bulletin-March-2024

Mitigation

1. Apply the patch provided by PaperCut as soon as possible.
2. Implement strong user education to avoid visiting malicious pages or opening suspicious files.
3. Consider implementing additional network security measures to detect and prevent potential exploitation attempts.
4. Regularly monitor system logs for any suspicious authentication activities.
5. Implement the principle of least privilege to minimize the potential impact of a successful attack.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Timeline

CVE Assignment
NVD published the first details for CVE-2024-1883
Mar 13, 2024 at 9:15 PM

First Article
Feedly found the first article mentioning CVE-2024-1883.
Mar 14, 2024 at 4:21 AM / National Vulnerability Database

EPSS
EPSS Score was set to: 0.04% (Percentile: 7.2%)
Mar 14, 2024 at 5:07 PM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (379515)
Mar 18, 2024 at 12:00 AM

CVSS Estimate
Feedly estimated the CVSS score as HIGH
Jun 18, 2024 at 8:33 PM

CVSS
A CVSS base score of 6.3 has been assigned.
Sep 26, 2024 at 4:20 AM / nvd

CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Sep 26, 2024 at 6:04 AM

Affected Systems

Papercut/ng

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-784/

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

Vendor Advisory

ZDI-24-784: PaperCut MF handleServiceException Cross-Site Scripting Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut MF. PaperCut has issued an update to correct this vulnerability.

News

CPAI-2024-0258
The post CPAI-2024-0258 appeared first on Check Point Software.
Multiple vulnerabilities in PaperCut NG/MF
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. The vulnerability exists due to improper access restrictions at certain API endpoints.
PaperCut NG/MF Security Bulletin
(also known as “ZDI-CAN-23116” by Trend Micro) This vulnerability could potentially allow an attacker to make an HTTP request look like it came from a PaperCut NG/MF application server. (also known as “ZDI-CAN-22328” by Trend Micro) This vulnerability potentially allows an attacker who already has authenticated access to the admin console to carry out unauthorized write operations which may lead to remote code execution.
CVE-2024-1883
Severity: Medium. Description: This is a reflected cross-site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability. Read more at https://www.tenable.com/cve/CVE-2024-1883

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability Impact: Low
