What is the severity of CVE-2024-1223?

The vulnerability CVE-2024-1223 is classified as a medium severity issue allowing unauthorized information enumeration from embedded device APIs.

How do I fix CVE-2024-1223?

To fix CVE-2024-1223, update your PaperCut NG or MF software to the latest version as recommended by the vendor.

Which versions of PaperCut NG/MF are affected by CVE-2024-1223?

CVE-2024-1223 affects PaperCut NG/MF versions prior to 20.1.10 and between 21.0.0 to 23.0.7.

What type of attack can exploit CVE-2024-1223?

An attacker can exploit CVE-2024-1223 by leveraging existing knowledge of valid usernames, device names, and internal system keys.

Is there a potential risk of data exposure with CVE-2024-1223?

Yes, CVE-2024-1223 poses a risk of unauthorized data exposure from the targeting of embedded device APIs.

Vulnerability/
CVE-2024-1223

medium

4.8

CWE

488

14/3/2024

23/1/2025

CVE-2024-1223: Improper authorization controls in PaperCut NG/MF

First published: Thu Mar 14 2024(Updated: )

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.

Credit: eb41dac7-0af8-4f84-9f6d-0272772514f4

Affected Software	Affected Version	How to fix
PaperCut MF
All of
Any of
PaperCut MF	<20.1.10
PaperCut MF	>=21.0.0<21.2.14
PaperCut MF	>=22.0.0<22.1.5
PaperCut MF	>=23.0.1<23.0.7
PaperCut NG	<20.1.10
PaperCut NG	>=21.0.0<21.2.14
PaperCut NG	>=22.0.0<22.1.5
PaperCut NG	>=23.0.1<23.0.7
Any of
Apple macOS
Linux Kernel
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

https://www.papercut.com/kb/Main/Security-Bulletin-March-2024

Frequently Asked Questions

What is the severity of CVE-2024-1223?
The vulnerability CVE-2024-1223 is classified as a medium severity issue allowing unauthorized information enumeration from embedded device APIs.
How do I fix CVE-2024-1223?
To fix CVE-2024-1223, update your PaperCut NG or MF software to the latest version as recommended by the vendor.
Which versions of PaperCut NG/MF are affected by CVE-2024-1223?
CVE-2024-1223 affects PaperCut NG/MF versions prior to 20.1.10 and between 21.0.0 to 23.0.7.
What type of attack can exploit CVE-2024-1223?
An attacker can exploit CVE-2024-1223 by leveraging existing knowledge of valid usernames, device names, and internal system keys.
Is there a potential risk of data exposure with CVE-2024-1223?
Yes, CVE-2024-1223 poses a risk of unauthorized data exposure from the targeting of embedded device APIs.

agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/weakness
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/last-modified-date
collector/nvd-api
source/NVD
agent/tags
agent/softwarecombine
vendor/papercut
canonical/papercut mf
version/papercut mf/21.0.0
version/papercut mf/22.0.0
version/papercut mf/23.0.1
canonical/papercut ng
version/papercut ng/21.0.0
version/papercut ng/22.0.0
version/papercut ng/23.0.1
vendor/apple
canonical/apple macos
vendor/linux
canonical/linux kernel
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.