Platform
windows
Component
papercut-ng-mf
Fixed version
23.0.9
CVE-2024-3037 describes an arbitrary file deletion vulnerability within PaperCut NG/MF, specifically impacting Windows servers utilizing the Web Print feature. Successful exploitation requires an attacker to first gain local login access to the affected server and possess the ability to execute low-privilege code. While default Windows Server configurations often mitigate this risk, certain deployments may be vulnerable.
This vulnerability allows an authenticated attacker with local login access to delete arbitrary files on the Windows server hosting PaperCut NG/MF. The potential impact is significant, ranging from data loss and disruption of services to potential compromise of the entire server if critical system files are deleted. The attacker's ability to execute low-privilege code means that even accounts with limited permissions could potentially trigger file deletion, depending on the server's configuration and access controls. This is not a remote code execution vulnerability, but the ability to delete files can be a precursor to other attacks or used to disrupt operations.
CVE-2024-3037 was publicly disclosed on May 14, 2024. There is currently no indication of active exploitation in the wild. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept exploits are not widely available, but the vulnerability's nature suggests that such exploits could emerge relatively quickly.
Organizations utilizing PaperCut NG/MF on Windows servers with Web Print enabled are at risk, particularly those with configurations that allow non-administrative users local login access. Shared hosting environments where multiple users share access to the same server are also potentially vulnerable.
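• windows / supply-chain:
# List running PaperCut processes with their command lines
Get-WmiObject -Class Win32_Process | Where-Object {$_.ProcessName -like '*PaperCut*'} | Select-Object ProcessID, CommandLine
• windows / supply-chain:
# List PaperCut scheduled tasks; LastRunTime is read from Get-ScheduledTaskInfo, since the task object itself does not carry it
Get-ScheduledTask | Where-Object {$_.TaskName -like '*PaperCut*'} | Select-Object TaskName, State, @{Name='LastRunTime'; Expression={($_ | Get-ScheduledTaskInfo).LastRunTime}}
• windows / supply-chain: Check Windows Event Logs for errors related to file access or deletion originating from the PaperCut NG/MF service.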
disclosure
Exploit status
EPSS
0.11% (30th percentile)
CVSS vector
The primary mitigation for CVE-2024-3037 is to upgrade PaperCut NG/MF to version 23.0.9 or later, which contains the fix. If an immediate upgrade is not feasible, restrict local login access to the Windows Server hosting PaperCut NG/MF to only administrative accounts. Review and tighten file system permissions to limit the scope of potential file deletions. Consider implementing a robust backup and recovery strategy to minimize data loss in the event of a successful attack. After upgrade, confirm the vulnerability is resolved by attempting a file deletion via the vulnerable endpoint with a low-privilege account.
Upgrade PaperCut NG/MF to a version that contains the fix for this vulnerability. Ensure that only administrators have local login access to the Windows server hosting PaperCut NG/MF.
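One way to review which principals currently hold local logon rights on the PaperCut NG/MF host, as an added example (not from PaperCut or from the original page). It assumes an elevated PowerShell session; the contents of `$rights` and `$adminSids` are choices made for this example.

```powershell
# Added example: list principals holding logon rights on the PaperCut NG/MF host.
# Requires an elevated session (secedit needs administrator rights).
$rights = @(
    'SeInteractiveLogonRight',         # "Allow log on locally"
    'SeRemoteInteractiveLogonRight'    # RDP logon; included as an assumption of this example
)
# SIDs accepted as administrative (assumption: extend for your own admin groups).
$adminSids = @('S-1-5-32-544')         # BUILTIN\Administrators

$cfg = Join-Path $env:TEMP ('user-rights-{0}.inf' -f [guid]::NewGuid())
try {
    # Export only the user-rights section of the local security policy.
    secedit.exe /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

    $findings = foreach ($line in Get-Content -Path $cfg) {
        # Lines look like: SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
        if ($line -notmatch '^\s*(\w+)\s*=\s*(.+)$') { continue }
        $right, $members = $Matches[1], $Matches[2]
        if ($rights -notcontains $right) { continue }

        foreach ($entry in ($members -split ',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            try {
                # Entries are either *SID or a plain account name.
                $sid = if ($entry.StartsWith('*')) {
                    [Security.Principal.SecurityIdentifier]::new($entry.Substring(1))
                } else {
                    [Security.Principal.NTAccount]::new($entry).Translate([Security.Principal.SecurityIdentifier])
                }
                $name = try { $sid.Translate([Security.Principal.NTAccount]).Value } catch { '(unresolved SID)' }
                [pscustomobject]@{
                    Right = $right; Account = $name; Sid = $sid.Value
                    # Group membership is not expanded; review each flagged group by hand.
                    NonAdmin = $adminSids -notcontains $sid.Value
                }
            } catch {
                [pscustomobject]@{ Right = $right; Account = $entry; Sid = '(unresolved)'; NonAdmin = $true }
            }
        }
    }
} finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}
$findings | Sort-Object Right, Account | Format-Table -AutoSize
```

Rows with NonAdmin set to True are the principals to remove from the right or to justify individually.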
CVE-2024-3037 is a HIGH severity vulnerability allowing authenticated local users to delete files on PaperCut NG/MF Windows servers with Web Print enabled. It affects versions 0–23.0.9.
You are affected if you use PaperCut NG/MF versions 0–23.0.9 on a Windows server with Web Print enabled and have non-administrative users with local login access.
Upgrade PaperCut NG/MF to version 23.0.9 or later. Restrict local login access to administrative accounts as a temporary workaround.
There is currently no evidence of active exploitation in the wild, but the vulnerability's nature suggests potential for future exploitation.
Refer to the official PaperCut security advisory: https://www.papercut.com/security-advisory-ngmf-2024-002/