The vulnerability, which has been assigned the identifier CVE-2023-39143, affects PaperCut NG/MF prior to version 22.1.3. It has been described as a combination of a path traversal and file upload vulnerability.
An attacker who successfully exploits this vulnerability could gain remote code execution on the affected system. This could allow the attacker to take control of the system and steal data, install malware, or disrupt operations.
PaperCut has released a patch for this vulnerability. Users are advised to update to the latest version of PaperCut as soon as possible.
The vulnerability was discovered by researchers at Horizon3 Security. They reported the vulnerability to PaperCut on July 19, 2023. PaperCut released a patch for the vulnerability on August 5, 2023.
An attacker who successfully exploits this vulnerability could gain remote code execution on the affected system. This could allow the attacker to take control of the system and steal data, install malware, or disrupt operations.
PaperCut has released a patch for this vulnerability. Users are advised to update to the latest version of PaperCut as soon as possible.
The vulnerability is rated as high severity by the Common Vulnerabilities and Exposures (CVE) database. This means that it is likely to be exploited by attackers.
Users who are running PaperCut NG/MF prior to version 22.1.3 are advised to update to the latest version as soon as possible. They can also follow the mitigation steps outlined in the PaperCut security advisory.
The following are the mitigation steps for CVE-2023-39143:
- Disable the external device integration setting. This setting is enabled by default in some installations of PaperCut.
- Do not allow users to upload arbitrary files to the PaperCut server.
- Use a firewall to block access to the PaperCut server from untrusted networks.
By following these mitigation steps, you can help to protect your system from exploitation of this vulnerability.
Share this post to help spread the word about this important security vulnerability.