Vulnerability Description
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploitation would typically involve deceiving the admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Papercut | Papercut Mf | < 20.1.8 |
| Papercut | Papercut Ng | < 20.1.8 |
Related Weaknesses (CWE)
References
- https://fluidattacks.com/advisories/arcangel/ (Exploit, Third Party Advisory)
- https://www.papercut.com/kb/Main/SecurityBulletinJune2023 (Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023- (US Government Resource)
FAQ
What is CVE-2023-2533?
CVE-2023-2533 is a vulnerability with a CVSS score of 8.4 (HIGH). A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute ar...
How severe is CVE-2023-2533?
CVE-2023-2533 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2533?
Check the references section above for vendor advisories and patch information. Affected products include: Papercut Papercut Mf, Papercut Papercut Ng.