https://www.papercut.com/kb/Main/Security-Bulletin-May-2024 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>https://www.papercut.com/kb/Main/Security-Bulletin-May-2024 <br/></td> CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"/>
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG Server. The specific flaw exists within the pc-web-print service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
The impact of this vulnerability is severe. If exploited, it allows an attacker to escalate privileges to SYSTEM level, potentially gaining full control over the affected system. This could lead to unauthorized access to sensitive data, modification of system files, installation of malware, and potential lateral movement within the network. The vulnerability affects the integrity, confidentiality, and availability of the system, all rated as HIGH in the CVSS scoring.
Multiple proof-of-concept exploits are available on zerodayinitiative.com, zerodayinitiative.com. There is no evidence of proof of exploitation at the moment.
PaperCut has issued an update to correct this vulnerability. More details can be found at: https://www.papercut.com/kb/Main/Security-Bulletin-May-2024
1. Apply the patch provided by PaperCut as soon as possible. 2. Limit local access to the PaperCut NG Server to only necessary users. 3. Monitor for any suspicious activities or unauthorized privilege escalations on the affected systems. 4. Implement the principle of least privilege for all user accounts. 5. Regularly audit and review file permissions, especially for the pc-web-print service. 6. Consider implementing application whitelisting to prevent unauthorized code execution.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Detection for the vulnerability has been added to Qualys (379806)
EPSS Score was set to: 0.04% (Percentile: 8.4%)
NVD published the first details for CVE-2024-3037
Feedly found the first article mentioning CVE-2024-3037. See article
Feedly estimated the CVSS score as MEDIUM
CVE-2024-3037 is a high-severity arbitrary file deletion vulnerability in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled, requiring local login access for exploitation. There are no details provided regarding exploitation in the wild, proof-of-concept exploits, or downstream impacts on third-party vendors. The recommended mitigation is to upgrade to PaperCut MF version 23.0.9 or later. See article
Detection for the vulnerability has been added to Nessus (209140)
Detection for the vulnerability has been added to Nessus (209141)