CVE-2023-3486

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG hosts file storage. This could exhaust system resources and prevent the service from operating as expected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
tenableCNA
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
papercutpapercut_mf
𝑥
< 22.1.3
papercutpapercut_ng
𝑥
< 22.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/
https://www.tenable.com/security/research/tra-2023-23
https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/
https://www.tenable.com/security/research/tra-2023-23