Main Vulnerability Database Vulnerabilities #VU92183

#VU92183 Improper access control in PaperCut NG and PaperCut MF - CVE-2024-4712

Published: June 17, 2024 / Updated: August 22, 2024

Vulnerability identifier: #VU92183

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-4712

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
PaperCut NG
PaperCut MF

Software vendor:
PaperCut Software

Description

The vulnerability allows a local user to create arbitrary files.

The vulnerability exists due to improper access restrictions. A local user member of a domain admin group can create arbitrary files on the system in specific locations used by the Web Print service.

The vulnerability affects Windows servers with Web Print enabled.

Remediation

Install updates from vendor's website.

External links

https://www.papercut.com/kb/Main/security-bulletin-may-2024/
https://www.zerodayinitiative.com/advisories/ZDI-24-1155/

#VU92183 Improper access control in PaperCut NG and PaperCut MF - CVE-2024-4712

Description

Remediation

External links

Please verify you're human