CVE-2023-3486

EUVD-2023-44145
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
tenableCNA
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
papercutpapercut_mf
𝑥
< 22.1.3
papercutpapercut_ng
𝑥
< 22.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/
https://www.tenable.com/security/research/tra-2023-23
https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/
https://www.tenable.com/security/research/tra-2023-23