CVE-2024-8404: CWE-59 Improper Link Resolution Before File Access ('Link Following') in PaperCut PaperCut NG, PaperCut MF

Severity: High
Published: Thu Sep 26 2024 (09/26/2024, 01:42:49 UTC)
Source: CVE
Vendor/Project: PaperCut
Product: PaperCut NG, PaperCut MF

Description

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder.

Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.

Update: This CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin.

Note: This CVE has been split from CVE-2024-3037.

AI-Powered Analysis

Last updated: 07/04/2025, 21:27:11 UTC

Technical Analysis

CVE-2024-8404 is a high-severity vulnerability affecting PaperCut NG and PaperCut MF, specifically on Windows servers with the Web Print feature enabled. It is categorized under CWE-59, improper link resolution before file access, commonly known as 'link following.' The flaw allows an attacker with local login access to the Windows server hosting PaperCut NG/MF to perform arbitrary file deletion. Exploitation requires the ability to execute low-privilege code on the server, achievable through the web-print-hot-folder functionality. The vulnerability arises because the application improperly resolves symbolic links or shortcuts before accessing files, enabling the deletion of unintended files on the system. Exploitation does not require user interaction beyond the initial local login and code execution capability.

The default Windows Server configuration mitigates this risk by restricting local login access to administrators, but environments that permit non-administrative users local console access remain vulnerable.

The vulnerability was initially reserved in early September 2024 and published later that month, with an update in May 2025 refining the fixed version and patching process. The CVSS v3.1 base score is 7.8, reflecting high severity due to the combination of local attack vector, low complexity, required privileges, and significant impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild. This vulnerability was split from CVE-2024-3037, indicating a related but distinct issue. No patch links are included in this record; organizations should consult the May 2025 Security Bulletin from PaperCut for remediation details.

Potential Impact

For European organizations, the impact of CVE-2024-8404 can be significant, especially for those using PaperCut NG or MF on Windows servers with Web Print enabled. The vulnerability allows an attacker with local access to delete arbitrary files, potentially leading to data loss, disruption of printing services, and broader system instability. Confidentiality is at risk if critical files or logs are deleted, hindering forensic investigations or exposing sensitive operational data. Integrity and availability are also heavily impacted since deletion of essential files can cause application failures or denial of service. Organizations with shared or less restrictive local login policies are particularly vulnerable, as attackers could leverage low-privilege accounts to escalate damage. Given PaperCut’s widespread use in educational institutions, government agencies, and enterprises across Europe for print management, disruption could affect critical workflows and compliance with data protection regulations such as GDPR. The absence of known exploits reduces immediate risk, but the high severity score and ease of exploitation under certain conditions necessitate proactive mitigation to prevent potential insider threats or lateral movement by attackers who have gained initial access.

Mitigation Recommendations

To mitigate CVE-2024-8404 effectively, European organizations should:

1) Restrict local login access strictly to trusted administrators on Windows servers hosting PaperCut NG/MF, ensuring non-administrative users cannot log into the local console.
2) Apply the latest security updates and patches as detailed in the May 2025 PaperCut Security Bulletin promptly to address the vulnerability.
3) Harden the web-print-hot-folder configuration by limiting permissions and monitoring file operations to detect suspicious activity.
4) Implement strict access controls and auditing on the server to track and alert on unauthorized file deletions or symbolic link manipulations.
5) Employ endpoint detection and response (EDR) solutions to monitor for low-privilege code execution attempts and anomalous behavior related to printing services.
6) Conduct regular security training for administrators and users with local access to recognize and prevent misuse of privileges.
7) Consider network segmentation to isolate print servers from general user environments, reducing the attack surface.

These targeted actions go beyond generic advice by focusing on the specific attack vector and environment conditions required for exploitation.
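A defensive audit for recommendations 3 and 4 above, as an added example that is not part of the original page or PaperCut's own tooling: it lists reparse points (symbolic links, junctions) under the hot folder and ACL entries that grant create or delete rights to anyone other than Administrators and SYSTEM. The `$HotFolder` path and the expected-writer list are assumptions to adjust for your installation.

```powershell
# Added example: defensive audit of a Web Print hot folder (not PaperCut code).
# $HotFolder is a placeholder; pass the hot folder path configured on your server.
param(
    [Parameter(Mandatory = $true)]
    [string] $HotFolder
)

# Well-known SIDs treated as expected writers: BUILTIN\Administrators and LocalSystem.
# Assumption: add the SID of your PaperCut service account if it differs.
$ExpectedWriters = @('S-1-5-32-544', 'S-1-5-18')

# Rights that let a principal plant or remove entries in the folder.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, Delete, DeleteSubdirectoriesAndFiles'

function Get-HotFolderReparsePoint {
    param([string] $Root)
    # Symlinks, junctions and other reparse-tagged entries, including hidden ones.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
        Select-Object FullName, LinkType, Target, CreationTimeUtc
}

function Get-HotFolderUnexpectedWriter {
    param([string] $Root)
    $acl = Get-Acl -LiteralPath $Root
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band [int]$WriteMask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account: report as-is
        }
        if ($ExpectedWriters -notcontains $sid) {
            [pscustomobject]@{
                Identity  = $ace.IdentityReference.Value
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$links   = @(Get-HotFolderReparsePoint -Root $HotFolder)
$writers = @(Get-HotFolderUnexpectedWriter -Root $HotFolder)

$links   | Format-Table -AutoSize
$writers | Format-Table -AutoSize
if ($links.Count -or $writers.Count) { exit 1 }   # non-zero exit for scheduled-task alerting
```

ACL entries expressed as generic rights do not match the mask and need manual review.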

Technical Details

Data Version: 5.1
Assigner Short Name: PaperCut
Date Reserved: 2024-09-04T05:55:44.460Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9816c4522896dcbd674c

Added to database: 5/21/2025, 9:08:38 AM

Last enriched: 7/4/2025, 9:27:11 PM

Last updated: 8/14/2025, 6:32:40 AM
