PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF
CVE-2023-2533

8.4HIGH

Key Information:

Vendor: Papercut
Status: Papercut Ng/mf
Vendor: CVE Published:; 20 June 2023

What is CVE-2023-2533?

A Cross-Site Request Forgery (CSRF) vulnerability exists in PaperCut NG/MF that could allow attackers to manipulate security settings or execute arbitrary commands. If an administrator is tricked into clicking a malicious link while logged in, it may lead to unauthorized changes within the system. This flaw highlights the importance of secure session management and awareness of social engineering tactics.

Affected Version(s)

PaperCut NG/MF Windows 22.0.10 < 2.1.1

PaperCut NG/MF Windows 21.2.12

PaperCut NG/MF Windows 20.1.8

References

https://fluidattacks.com/advisories/arcangel/

https://www.papercut.com/kb/Main/SecurityBulletinJune2023

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2023
Vulnerability Reserved
May 5, 2023

Papercut

What is CVE-2023-2533?

Affected Version(s)

References

CVSS V3.1

Timeline