CVE-2024-1882

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1882
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 Vendor Advisory
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

23 Jan 2025, 20:30

Type Values Removed Values Added
References () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - Vendor Advisory
CPE cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
CWE NVD-CWE-Other
First Time Apple
Microsoft
Papercut
Apple macos
Microsoft windows
Linux linux Kernel
Linux
Papercut papercut Ng
Papercut papercut Mf

21 Nov 2024, 08:51

Type Values Removed Values Added
References () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 - () https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 -

26 Sep 2024, 04:15

Type Values Removed Values Added
Summary
  • (es) Esta vulnerabilidad permite que un usuario administrador ya autenticado cree un payload malicioso que podría aprovecharse para la ejecución remota de código en el servidor que aloja el servidor de aplicaciones PaperCut NG/MF.
Summary (en) This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server. (en) This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.
CWE CWE-74 CWE-76

14 Mar 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-14 04:15

Updated : 2025-01-23 20:30

NVD link : CVE-2024-1882

Mitre link : CVE-2024-1882

CVE.ORG link : CVE-2024-1882

JSON object : View

Products Affected

apple

  • macos

microsoft

  • windows

papercut

  • papercut_ng
  • papercut_mf

linux

  • linux_kernel
CWE
CWE-76

Improper Neutralization of Equivalent Special Elements

NVD-CWE-Other