{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8404", "assignerOrgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "state": "PUBLISHED", "assignerShortName": "PaperCut", "dateReserved": "2024-09-04T05:55:44.460Z", "datePublished": "2024-09-26T01:42:49.400Z", "dateUpdated": "2025-05-13T01:39:33.742Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Web Print"], "platforms": ["Windows"], "product": "PaperCut NG, PaperCut MF", "vendor": "PaperCut", "versions": [{"changes": [{"at": "24.1.7", "status": "unaffected"}], "lessThan": "24.1.7", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Amol Dosanjh of Trend Micro"}, {"lang": "en", "type": "finder", "value": "Nicholas Zubrisky (@NZubrisky) of Trend Micro"}, {"lang": "en", "type": "finder", "value": "Michael DePlante (@izobashi) of Trend Micro's ZDI"}], "datePublic": "2024-09-26T01:35:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: transparent;\">An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. </span></p><p><span style=\"background-color: transparent;\">Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.</span></p><p><span style=\"background-color: transparent;\">Update:</span></p><p><span style=\"background-color: transparent;\">This CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin.</span></p><p><span style=\"background-color: transparent;\">Note: </span></p><p><span style=\"background-color: transparent;\">This CVE has been split from CVE-2024-3037.</span><br></p>"}], "value": "An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. \n\nImportant: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.\n\nUpdate:\n\nThis CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin.\n\nNote: \n\nThis CVE has been split from CVE-2024-3037."}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "shortName": "PaperCut", "dateUpdated": "2025-05-13T01:39:33.742Z"}, "references": [{"url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2025/"}, {"url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/"}], "source": {"discovery": "UNKNOWN"}, "title": "Arbitrary File Deletion in PaperCut NG/MF Web Print Hot folder", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "papercut", "product": "papercut_mf", "cpes": ["cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "23.0.9", "versionType": "custom"}]}, {"vendor": "papercut", "product": "papercut_ng", "cpes": ["cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "23.0.9", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T14:59:11.788417Z", "id": "CVE-2024-8404", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T15:01:21.951Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8404", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-26T14:59:11.788417Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*"], "vendor": "papercut", "product": "papercut_mf", "versions": [{"status": "affected", "version": "0", "lessThan": "23.0.9", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*"], "vendor": "papercut", "product": "papercut_ng", "versions": [{"status": "affected", "version": "0", "lessThan": "23.0.9", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T15:01:14.869Z"}}], "cna": {"title": "Arbitrary File Deletion in PaperCut NG/MF Web Print Hot folder", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Amol Dosanjh of Trend Micro"}, {"lang": "en", "type": "finder", "value": "Nicholas Zubrisky (@NZubrisky) of Trend Micro"}, {"lang": "en", "type": "finder", "value": "Michael DePlante (@izobashi) of Trend Micro's ZDI"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PaperCut", "modules": ["Web Print"], "product": "PaperCut NG, PaperCut MF", "versions": [{"status": "affected", "changes": [{"at": "24.1.7", "status": "unaffected"}], "version": "0", "lessThan": "24.1.7", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2024-09-26T01:35:00.000Z", "references": [{"url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2025/"}, {"url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. \n\nImportant: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.\n\nUpdate:\n\nThis CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin.\n\nNote: \n\nThis CVE has been split from CVE-2024-3037.", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: transparent;\">An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. </span></p><p><span style=\"background-color: transparent;\">Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.</span></p><p><span style=\"background-color: transparent;\">Update:</span></p><p><span style=\"background-color: transparent;\">This CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin.</span></p><p><span style=\"background-color: transparent;\">Note: </span></p><p><span style=\"background-color: transparent;\">This CVE has been split from CVE-2024-3037.</span><br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}], "providerMetadata": {"orgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "shortName": "PaperCut", "dateUpdated": "2025-05-13T01:39:33.742Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8404", "state": "PUBLISHED", "dateUpdated": "2025-05-13T01:39:33.742Z", "dateReserved": "2024-09-04T05:55:44.460Z", "assignerOrgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "datePublished": "2024-09-26T01:42:49.400Z", "assignerShortName": "PaperCut"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AE8A9B5-11C6-4FE2-B672-0EC6EF8075CC", "versionEndExcluding": "23.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA96610E-7518-4215-B5FF-1B4444BE2DA4", "versionEndExcluding": "23.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. \n\nImportant: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.\n\nUpdate:\n\nThis CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin.\n\nNote: \n\nThis CVE has been split from CVE-2024-3037."}, {"lang": "es", "value": "Existe una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en PaperCut NG/MF, que afecta espec\u00edficamente a servidores Windows con Web Print habilitado. Para explotar esta vulnerabilidad, un atacante primero debe obtener acceso de inicio de sesi\u00f3n local al servidor Windows que aloja PaperCut NG/MF y ser capaz de ejecutar c\u00f3digo con privilegios bajos directamente en el servidor a trav\u00e9s de la carpeta activa de impresi\u00f3n web. Importante: En la mayor\u00eda de las instalaciones, este riesgo se mitiga con la configuraci\u00f3n predeterminada de Windows Server, que restringe el acceso de inicio de sesi\u00f3n local solo a los administradores. Sin embargo, esta vulnerabilidad podr\u00eda representar un riesgo para los clientes que permiten que usuarios no administrativos inicien sesi\u00f3n en la consola local del entorno Windows que aloja el servidor de aplicaciones PaperCut NG/MF. Nota: Esta CVE se ha separado de CVE-2024-3037."}], "id": "CVE-2024-8404", "lastModified": "2025-05-13T03:15:23.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-26T02:15:02.797", "references": [{"source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "tags": ["Vendor Advisory"], "url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2024/"}, {"source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "url": "https://www.papercut.com/kb/Main/Security-Bulletin-May-2025/"}], "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}