CVE-2024-8404
CVSS V2 None
CVSS V3 None
Description
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder.
Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.
Note:
This CVE has been split from CVE-2024-3037.
Overview
- CVE ID
- CVE-2024-8404
- Assigner
- PaperCut
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-26T01:42:49.400Z
- Last Modified Date
- 2024-09-26T01:42:49.400Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/ |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8404 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8404 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-06 12:06:00 | Added to TrackCVE |