PaperCut NG Unauthenticated File Upload
CVE-2023-3486

8.2HIGH

Key Information:

Vendor: Papercut
Status: Papercut Ng
Vendor: CVE Published:; 25 July 2023

Summary

An authentication bypass vulnerability exists in PaperCut NG versions 22.0.12 and earlier, which could enable a remote attacker to upload arbitrary files. This unauthorized access could lead to resource exhaustion on the host's file storage, potentially disrupting the service's normal operation.

Affected Version(s)

PaperCut NG 0 < 22.1.3

References

https://www.tenable.com/security/research/tra-2023-23

https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 25, 2023
Vulnerability Reserved
Jun 30, 2023