The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an attack on the device.
Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.
Attack Parameters
Attack Vector
Adjacent
Requires local network access
Attack Complexity
High
Difficult to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Passive
Minimal interaction
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 2
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Papercut Papercut_Mf
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
|
— |
25.0.5
|
|
Papercut Papercut_Mf_Konica_Minolta
cpe:2.3:a:papercut:papercut_mf_konica_minolta:*:*:*:*:*:*:*:*
|
— |
25.0.9
|