CVE-2023-3486
PaperCut NG Unauthenticated File Upload
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.
Existe una omisión de autenticación en las versiones 22.0.12 y anteriores de PaperCut NG que podría permitir a un atacante no remoto no autenticado cargar archivos arbitrarios en el almacenamiento del host de PaperCut NG. Esto podría agotar los recursos del sistema e impedir que el servicio funcione como se espera.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-30 CVE Reserved
- 2023-07-25 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
- CAPEC-115: Authentication Bypass
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.tenable.com/security/research/tra-2023-23 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.papercut.com/kb/Main/SecurityBulletinJuly2023 | 2023-07-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Papercut Search vendor "Papercut" | Papercut Mf Search vendor "Papercut" for product "Papercut Mf" | < 22.1.3 Search vendor "Papercut" for product "Papercut Mf" and version " < 22.1.3" | - |
Affected
| ||||||
| Papercut Search vendor "Papercut" | Papercut Ng Search vendor "Papercut" for product "Papercut Ng" | < 22.1.3 Search vendor "Papercut" for product "Papercut Ng" and version " < 22.1.3" | - |
Affected
| ||||||