CVE-2024-8404 Information

Sep 27, 2024 cve

Description

An arbitrary file deletion vulnerability exists in PaperCut NG/MF specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder.

Important: In most installations this risk is mitigated by the default Windows Server configuration which restricts local login access to Administrators only. However this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.

Note:

This CVE has been split from CVE-2024-3037.

Reference

https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/

Share on: