PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).
References
| Link | Resource |
|---|---|
| https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/ | Exploit Third Party Advisory |
| https://www.papercut.com/kb/Main/securitybulletinjuly2023/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
08 Aug 2023, 20:07
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Papercut papercut Ng
Papercut Microsoft Microsoft windows Papercut papercut Mf |
|
| CWE | CWE-22 | |
| CPE | cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| References | (MISC) https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/ - Exploit, Third Party Advisory | |
| References | (MISC) https://www.papercut.com/kb/Main/securitybulletinjuly2023/ - Vendor Advisory |
07 Aug 2023, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). |
04 Aug 2023, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-04 17:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-39143
Mitre link : CVE-2023-39143
CVE.ORG link : CVE-2023-39143
JSON object : View
Products Affected
microsoft
- windows
papercut
- papercut_ng
- papercut_mf
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')