Cyber Resilience

CVE-2024-1884

Medium

Published: 14 March 2024

Modified: 23 January 2025
KEV Added
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.0924 (92.9th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-1884 is a medium-severity SSRF (CWE-918) vulnerability in PaperCut MF. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 7.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

This CVE describes a server-side request forgery (SSRF) flaw, tracked as CWE-918, in the PaperCut NG/MF server-side module. The vulnerability, which carries a CVSS 3.1 score of 6.5, permits an unauthenticated remote attacker to cause the application to issue HTTP requests to arbitrary attacker-chosen domains.

An attacker with network access can exploit the issue without credentials or user interaction, achieving limited disclosure of internal resources and limited ability to interact with internal or external systems reachable by the PaperCut server.

PaperCut’s March 2024 security bulletin provides official guidance and remediation steps for affected customers.

EPSS for the CVE rose from a low baseline to a peak of 0.4038 on 2025-12-11 before receding, indicating a clear post-disclosure increase in exploitation interest.


Vulnerability details

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

papercut / papercut mf: ≤ 20.1.10 · 21.0.0 — 21.2.14 · 22.0.0 — 22.1.5
papercut / papercut ng: ≤ 20.1.10 · 21.0.0 — 21.2.14 · 22.0.0 — 22.1.5

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-918

Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.

addresses: CWE-918

Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.

addresses: CWE-918

Validates server-side URLs and resource references to block SSRF attempts.

addresses: CWE-918

Detects server-side request forgery through monitoring of unexpected outbound connections.
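
As an added illustration of the outbound-connection monitoring control above (not code from PaperCut or from this page), the following Python example flags connections from the print server to destinations outside an expected set. The log format, addresses, host names and allowlist are constructed assumptions.

```python
import ipaddress

# Constructed sample egress log (hypothetical format):
# timestamp  source_ip  dest_host  dest_ip  dest_port
SAMPLE_LOG = """\
2024-03-20T09:14:02Z 10.20.0.15 updates.vendor.example 203.0.113.10 443
2024-03-20T09:14:40Z 10.20.0.15 unknown-host.example 198.51.100.77 80
2024-03-20T09:15:03Z 10.20.0.15 - 169.254.169.254 80
2024-03-20T09:15:09Z 10.20.0.15 - 10.20.0.8 8080
2024-03-20T09:15:30Z 10.20.0.99 unknown-host.example 198.51.100.77 80
2024-03-20T09:16:00Z 10.20.0.15 ldap.corp.example 10.20.0.5 636
truncated line
"""

PRINT_SERVER_IP = "10.20.0.15"  # assumed address of the print server
# Assumed allowlist of destinations the server is expected to contact.
EXPECTED = {("updates.vendor.example", 443), ("ldap.corp.example", 636)}
# Loopback and RFC 1918 ranges, listed explicitly rather than via is_private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(host, ip_text, port):
    """Return a reason string for an unexpected destination, else None."""
    if (host, port) in EXPECTED:
        return None
    ip = ipaddress.ip_address(ip_text)
    if ip.is_link_local:
        return "link-local address"
    if any(ip in net for net in INTERNAL_NETS):
        return "unexpected internal destination"
    return "unexpected external destination"


def find_unexpected(log_text, server_ip=PRINT_SERVER_IP):
    """Return (timestamp, dest_ip, port, reason) for each flagged connection."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[1] != server_ip:
            continue  # malformed line, or traffic from another host
        ts, _, host, ip_text, port_text = fields
        try:
            reason = classify(host, ip_text, int(port_text))
        except ValueError:
            continue  # unparsable address or port
        if reason:
            findings.append((ts, ip_text, int(port_text), reason))
    return findings
```

Calling `find_unexpected(SAMPLE_LOG)` returns three findings for the constructed log: one external destination, one link-local address and one internal destination that are not on the allowlist.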
