CVE-2024-1223

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1223
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.

4.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 Vendor Advisory
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

23 Jan 2025, 20:29

Type Values Removed Values Added
First Time Apple
Microsoft
Papercut
Apple macos
Microsoft windows
Linux linux Kernel
Linux
Papercut papercut Ng
Papercut papercut Mf
References () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - Vendor Advisory
CWE NVD-CWE-Other
CPE cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

21 Nov 2024, 08:50

Type Values Removed Values Added
References () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 -

26 Sep 2024, 04:15

Type Values Removed Values Added
CWE CWE-200 CWE-488
Summary
  • (es) Esta vulnerabilidad permite potencialmente la enumeración no autorizada de información de las API del dispositivo integrado. Un atacante ya debe tener conocimiento de alguna combinación de nombres de usuario válidos, nombres de dispositivos y una clave interna del sistema. Para que un ataque de este tipo tenga éxito, el sistema debe estar en un estado de ejecución específico.

14 Mar 2024, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-14 03:15

Updated : 2025-01-23 20:29

NVD link : CVE-2024-1223

Mitre link : CVE-2024-1223

CVE.ORG link : CVE-2024-1223

JSON object : View

Products Affected

apple

  • macos

microsoft

  • windows

papercut

  • papercut_ng
  • papercut_mf

linux

  • linux_kernel
CWE
CWE-488

Exposure of Data Element to Wrong Session

NVD-CWE-Other