CVE-2024-1222— Incorrect authorization controls in PaperCut NG/MF APIs

CVSS 8.6 · High EPSS 2.23% · P85 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-1222

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Incorrect authorization controls in PaperCut NG/MF APIs

Source: NVD (National Vulnerability Database)

Vulnerability Description

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

带着不必要的权限执行

Source: NVD (National Vulnerability Database)

Vulnerability Title

PaperCut NG 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PaperCut NG是澳大利亚PaperCut公司的一套下一代打印机控制软件。 PaperCut NG/MF存在安全漏洞，该漏洞源于存在权限提升漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
PaperCut	PaperCut NG, PaperCut MF	0 ~ 23.0.7	-

II. Public POCs for CVE-2024-1222

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-1222

请登录查看更多情报信息。

Same Patch Batch · PaperCut · 2024-03-14 · 7 CVEs total

CVE-2024-1654	7.2 HIGH	Unauthorized write operations in PaperCut NG/MF
CVE-2024-1882	7.2 HIGH	Server-side resource injection in PaperCut NG/MF
CVE-2024-1884	6.5 MEDIUM	Server Side Request Forgery in PaperCut NG/MF
CVE-2024-1883	6.3 MEDIUM	Reflected XSS in PaperCut NG/MF
CVE-2024-1223	4.8 MEDIUM	Improper authorization controls in PaperCut NG/MF
CVE-2024-1221	3.1 LOW	Improper access controls on APIs on Linux and macOS in PaperCut NG/MF

IV. Related Vulnerabilities

Same product: PaperCut NG, PaperCut MF

Same vendor: PaperCut

Same weakness: CWE-250

V. Comments for CVE-2024-1222

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-1222— Incorrect authorization controls in PaperCut NG/MF APIs

I. Basic Information for CVE-2024-1222

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-1222

III. Intelligence Information for CVE-2024-1222

Same Patch Batch · PaperCut · 2024-03-14 · 7 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-1222

Leave a comment