CVE-2024-1223— Improper authorization controls in PaperCut NG/MF
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-1223
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper authorization controls in PaperCut NG/MF
Source: NVD (National Vulnerability Database)
Vulnerability Description
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对错误会话暴露数据元素
Source: NVD (National Vulnerability Database)
Vulnerability Title
PaperCut NG 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PaperCut NG是澳大利亚PaperCut公司的一套下一代打印机控制软件。 PaperCut NG/MF存在安全漏洞,该漏洞源于允许攻击者枚举设备API中的信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| PaperCut | PaperCut NG, PaperCut MF | 0 ~ 23.0.7 | - |
II. Public POCs for CVE-2024-1223
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-1223
请登录查看更多情报信息。
Same Patch Batch · PaperCut · 2024-03-14 · 7 CVEs total
| CVE-2024-1222 | 8.6 HIGH | Incorrect authorization controls in PaperCut NG/MF APIs |
| CVE-2024-1654 | 7.2 HIGH | Unauthorized write operations in PaperCut NG/MF |
| CVE-2024-1882 | 7.2 HIGH | Server-side resource injection in PaperCut NG/MF |
| CVE-2024-1884 | 6.5 MEDIUM | Server Side Request Forgery in PaperCut NG/MF |
| CVE-2024-1883 | 6.3 MEDIUM | Reflected XSS in PaperCut NG/MF |
| CVE-2024-1221 | 3.1 LOW | Improper access controls on APIs on Linux and macOS in PaperCut NG/MF |
IV. Related Vulnerabilities
Same product: PaperCut NG, PaperCut MF
- CVE-2024-8404
Arbitrary File Deletion in PaperCut NG/MF Web Print Hot fold - CVE-2024-8405
Arbitrary File Creation in PaperCut NG/MF Web Print leading - CVE-2024-4712
Arbitrary File Creation in PaperCut NG/MF Web Print Image Ha - CVE-2024-3037
Arbitrary File Deletion in PaperCut NG/MF Web Print - CVE-2024-1884
Server Side Request Forgery in PaperCut NG/MF
Same vendor: PaperCut
- CVE-2026-7824
PaperCut Hive (Ricoh): Plain text password in logs - CVE-2026-6418
PaperCut NG/MF: Path Traversal in Shared Account Synchroniza - CVE-2026-6180
PaperCut MF: Card truncation on HP readers - CVE-2026-5115
Session hijacking in PaperCut NG/MF embedded application for - CVE-2026-4794
Multiple cross-site scripting (XSS) vulnerabilities in Paper
Same weakness: CWE-488
- CVE-2026-34391
Fleet Vulnerable to Windows MDM cross-device command disclos - CVE-2026-23919
Insufficient isolation of JavaScript (Duktape) execution con - CVE-2026-27492
Lettermint Node.js SDK leaks email properties to unintended - CVE-2026-23844
Whisper Money has IDOR Vulnerability on sync/balances endpoi - CVE-2026-23646
OpenProject users can delete other user's session, causing t
V. Comments for CVE-2024-1223
No comments yet