CVE-2023-3486

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 25, 2023

Updated: Jul 31, 2023

CWE ID 434

Summary

CVE-2023-3486 is a newly disclosed vulnerability affecting PaperCut NG versions 22.0.12 and older. This issue enables a remote, unauthenticated attacker to bypass authentication and upload arbitrary files to the PaperCut NG host's file storage. Successful exploitation can lead to system resource exhaustion, potentially causing the service to malfunction. This vulnerability poses a serious threat to organizations using PaperCut NG software and emphasizes the importance of applying security patches promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PaperCut MF
PaperCut NG

Affected Vendors

Papercut

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r1iTFJ
https://www.cve.org/CVERecord?id=CVE-2023-3486
https://nvd.nist.gov/vuln/detail/CVE-2023-3486

Back to Vulnerability Database