CVE-2024-1221
published 2024-03-14CVE-2024-1221: This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The…
PriorityP413low3.1CVSS 3.1
AVNACHPRLUINSUCLINAN
EPSS
0.55%
41.6th percentile
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| papercut | papercut_mf | < 20.1.10 | 20.1.10 |
| papercut | papercut_mf | >= 21.0.0 < 21.2.14 | 21.2.14 |
| papercut | papercut_mf | >= 22.0.0 < 22.1.5 | 22.1.5 |
| papercut | papercut_mf | >= 23.0.1 < 23.0.7 | 23.0.7 |
| papercut | papercut_ng | < 20.1.10 | 20.1.10 |
| papercut | papercut_ng | >= 21.0.0 < 21.2.14 | 21.2.14 |
| papercut | papercut_ng | >= 22.0.0 < 22.1.5 | 22.1.5 |
| papercut | papercut_ng | >= 23.0.1 < 23.0.7 | 23.0.7 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-03-14
Published