Description
This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
- Attack Vector
- network
- Complexity
- high
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- low
- Availability
- none
- Weaknesses
- CWE-488NVD-CWE-Other
Metadata
- Primary Vendor
- PAPERCUT
- Published
- 3/14/2024
- Last Modified
- 1/23/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
papercut : papercut_mfpapercut : papercut_mfpapercut : papercut_mfpapercut : papercut_mfpapercut : papercut_ngpapercut : papercut_ngpapercut : papercut_ngpapercut : papercut_ng
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.