The version of PaperCut NG installed on the remote Windows host is affected by multiple vulnerabilities, as follows: – This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls. (CVE-2024-1222) – This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this. (CVE-2024-1654) – This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server. (CVE-2024-1882) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version…Read More