PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF
CVE-2023-2533

8.4HIGH

Key Information:

Vendor
Papercut
Status
Papercut Ng/mf
Vendor
CVE Published:
20 June 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in PaperCut NG/MF that could allow attackers to manipulate security settings or execute arbitrary commands. If an administrator is tricked into clicking a malicious link while logged in, it may lead to unauthorized changes within the system. This flaw highlights the importance of secure session management and awareness of social engineering tactics.

Affected Version(s)

PaperCut NG/MF Windows 22.0.10 < 2.1.1

PaperCut NG/MF Windows 21.2.12

PaperCut NG/MF Windows 20.1.8

References

https://fluidattacks.com/advisories/arcangel/
https://www.papercut.com/kb/Main/SecurityBulletinJune2023

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-2533 : PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF | SecurityVulnerability.io