Vulnerability Description
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Papercut | Papercut Mf | < 22.1.3 |
| Papercut | Papercut Ng | < 22.1.3 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vExploitThird Party Advisory
- https://www.papercut.com/kb/Main/securitybulletinjuly2023/Vendor Advisory
- https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vExploitThird Party Advisory
- https://www.papercut.com/kb/Main/securitybulletinjuly2023/Vendor Advisory
FAQ
What is CVE-2023-39143?
CVE-2023-39143 is a vulnerability with a CVSS score of 9.8 (CRITICAL). PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integ...
How severe is CVE-2023-39143?
CVE-2023-39143 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-39143?
Check the references section above for vendor advisories and patch information. Affected products include: Papercut Papercut Mf, Papercut Papercut Ng, Microsoft Windows.