PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).
References
Link | Resource |
---|---|
https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/ | Exploit Third Party Advisory |
https://www.papercut.com/kb/Main/securitybulletinjuly2023/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
08 Aug 2023, 20:07
Type | Values Removed | Values Added |
---|---|---|
First Time |
Microsoft
Papercut Papercut papercut Mf Papercut papercut Ng Microsoft windows |
|
CPE | cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:* cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-22 | |
References | (MISC) https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/ - Exploit, Third Party Advisory | |
References | (MISC) https://www.papercut.com/kb/Main/securitybulletinjuly2023/ - Vendor Advisory |
07 Aug 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). |
04 Aug 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-04 17:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-39143
Mitre link : CVE-2023-39143
CVE.ORG link : CVE-2023-39143
JSON object : View
Products Affected
microsoft
- windows
papercut
- papercut_mf
- papercut_ng
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')