| CVE ID | CVE-2024-1223 |
| CVSS SCORE | 8.2, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
| AFFECTED VENDORS |
PaperCut |
| AFFECTED PRODUCTS |
NG |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a VendorKeys object. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the External Devices API. |
| ADDITIONAL DETAILS |
PaperCut has issued an update to correct this vulnerability. More details can be found at:
https://www.papercut.com/kb/Main/Security-Bulletin-March-2024 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Ahmed Y. Elmogy |
