Platform
windows
Component
papercut-ng-mf
Fixed in
23.0.9
CVE-2024-3037 describes an arbitrary file deletion vulnerability within PaperCut NG/MF, specifically impacting Windows servers utilizing the Web Print feature. Successful exploitation requires an attacker to first gain local login access to the affected server and possess the ability to execute low-privilege code. While default Windows Server configurations often mitigate this risk, certain deployments may be vulnerable.
This vulnerability allows an authenticated attacker with local login access to delete arbitrary files on the Windows server hosting PaperCut NG/MF. The potential impact is significant, ranging from data loss and disruption of services to potential compromise of the entire server if critical system files are deleted. The attacker's ability to execute low-privilege code means that even accounts with limited permissions could potentially trigger file deletion, depending on the server's configuration and access controls. This is not a remote code execution vulnerability, but the ability to delete files can be a precursor to other attacks or used to disrupt operations.
CVE-2024-3037 was publicly disclosed on May 14, 2024. There is currently no indication of active exploitation in the wild. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept exploits are not widely available, but the vulnerability's nature suggests that such exploits could emerge relatively quickly.
Exploit Status
EPSS
0.11% (30% percentile)
CVSS Vector
The primary mitigation for CVE-2024-3037 is to upgrade PaperCut NG/MF to version 23.0.9 or later, which contains the fix. If an immediate upgrade is not feasible, restrict local login access to the Windows Server hosting PaperCut NG/MF to only administrative accounts. Review and tighten file system permissions to limit the scope of potential file deletions. Consider implementing a robust backup and recovery strategy to minimize data loss in the event of a successful attack. After upgrade, confirm the vulnerability is resolved by attempting a file deletion via the vulnerable endpoint with a low-privilege account.
Update PaperCut NG/MF to a version that contains the fix for this vulnerability. Ensure that only administrators have local login access to the Windows server hosting PaperCut NG/MF.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-3037 is a HIGH severity vulnerability allowing authenticated local users to delete files on PaperCut NG/MF Windows servers with Web Print enabled. It affects versions 0–23.0.9.
You are affected if you use PaperCut NG/MF versions 0–23.0.9 on a Windows server with Web Print enabled and have non-administrative users with local login access.
Upgrade PaperCut NG/MF to version 23.0.9 or later. Restrict local login access to administrative accounts as a temporary workaround.
There is currently no evidence of active exploitation in the wild, but the vulnerability's nature suggests potential for future exploitation.
Refer to the official PaperCut security advisory: https://www.papercut.com/security-advisory-ngmf-2024-002/
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.