CVE-2023-2533
8.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Summary
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PaperCut | PaperCut NG/MF | 22.0.10 < 2.1.1 | affected |
| PaperCut | PaperCut NG/MF | 21.2.12 | unaffected |
| PaperCut | PaperCut NG/MF | 20.1.8 | unaffected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://fluidattacks.com/advisories/arcangel/
- https://www.papercut.com/kb/Main/SecurityBulletinJune2023
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- https://fluidattacks.com/advisories/arcangel/
- https://www.papercut.com/kb/Main/SecurityBulletinJune2023
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.