CVE-2023-39143

critical

Description

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).

References

https://www.securityweek.com/citrix-cisco-fortinet-zero-days-among-2023s-most-exploited-vulnerabilities/

https://www.papercut.com/kb/Main/securitybulletinjuly2023/

https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/

Details

Source: Mitre, NVD

Published: 2023-08-04

Updated: 2023-08-08

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H