Vulnerability Description
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Papercut | Papercut Mf | < 20.1.10 |
| Papercut | Papercut Ng | < 20.1.10 |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.papercut.com/kb/Main/Security-Bulletin-March-2024Vendor Advisory
- https://www.papercut.com/kb/Main/Security-Bulletin-March-2024Vendor Advisory
FAQ
What is CVE-2024-1223?
CVE-2024-1223 is a vulnerability with a CVSS score of 4.8 (MEDIUM). This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, de...
How severe is CVE-2024-1223?
CVE-2024-1223 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1223?
Check the references section above for vendor advisories and patch information. Affected products include: Papercut Papercut Mf, Papercut Papercut Ng, Apple Macos, Linux Linux Kernel, Microsoft Windows.