CVE-2023-39143
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).
PaperCut NG y PaperCut MF antes de 22.1.3 en Windows permiten atravesar rutas, lo que permite a los atacantes cargar, leer o eliminar archivos arbitrarios. Esto conduce a la ejecución remota de código cuando la integración de dispositivos externos está habilitada (una configuración muy común).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-07-25 CVE Reserved
- 2023-08-04 CVE Published
- 2023-08-17 First Exploit
- 2024-08-02 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/codeb0ss/CVE-2023-39143 | 2023-08-17 | |
| https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.papercut.com/kb/Main/securitybulletinjuly2023 | 2023-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Papercut Search vendor "Papercut" | Papercut Mf Search vendor "Papercut" for product "Papercut Mf" | < 22.1.3 Search vendor "Papercut" for product "Papercut Mf" and version " < 22.1.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Papercut Search vendor "Papercut" | Papercut Ng Search vendor "Papercut" for product "Papercut Ng" | < 22.1.3 Search vendor "Papercut" for product "Papercut Ng" and version " < 22.1.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|