This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must be able to write into the local C Drive. In addition, the attacker must have admin privileges to enable Print Archiving or encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM
References
Link | Resource |
---|---|
https://www.papercut.com/kb/Main/CommonSecurityQuestions/ | Vendor Advisory |
https://www.papercut.com/kb/Main/Security-Bulletin-November-2023/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2023, 16:12
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
21 Nov 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
Summary | This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must be able to write into the local C Drive. In addition, the attacker must have admin privileges to enable Print Archiving or encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM |
20 Nov 2023, 18:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.papercut.com/kb/Main/Security-Bulletin-November-2023/ - Vendor Advisory | |
References | () https://www.papercut.com/kb/Main/CommonSecurityQuestions/ - Vendor Advisory | |
CPE | cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:* cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
First Time |
Papercut papercut Ng
Microsoft Papercut Papercut papercut Mf Microsoft windows |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
14 Nov 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-14 04:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-6006
Mitre link : CVE-2023-6006
CVE.ORG link : CVE-2023-6006
JSON object : View
Products Affected
microsoft
- windows
papercut
- papercut_mf
- papercut_ng
CWE