CVE-2023-3486 (GCVE-0-2023-3486)
Vulnerability from cvelistv5 – Published: 2023-07-25 12:50 – Updated: 2024-10-23 19:02
VLAI
Title
PaperCut NG Unauthenticated File Upload
Summary
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PaperCut | PaperCut NG |
Affected:
0 , < 22.1.3
(custom)
|
Date Public
2023-07-25 12:51
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2023-23"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3486",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T19:02:44.379787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T19:02:59.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PaperCut NG",
"vendor": "PaperCut",
"versions": [
{
"lessThan": "22.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-25T12:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eAn authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host\u2019s file storage. This could exhaust system resources and prevent the service from operating as expected.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host\u2019s file storage. This could exhaust system resources and prevent the service from operating as expected.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-26T13:35:28.378Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-23"
},
{
"url": "https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PaperCut NG Unauthenticated File Upload",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2023-3486",
"datePublished": "2023-07-25T12:50:42.477Z",
"dateReserved": "2023-06-30T18:26:50.920Z",
"dateUpdated": "2024-10-23T19:02:59.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-3486",
"date": "2026-06-19",
"epss": "0.75794",
"percentile": "0.99463"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.1.3\", \"matchCriteriaId\": \"2D1E7B69-F906-49B6-A5AE-BC95E528AB81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.1.3\", \"matchCriteriaId\": \"AE9EEC66-6455-4B4E-879D-7109E6E16199\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host\\u2019s file storage. This could exhaust system resources and prevent the service from operating as expected.\\n\"}, {\"lang\": \"es\", \"value\": \"Existe una omisi\\u00f3n de autenticaci\\u00f3n en las versiones 22.0.12 y anteriores de PaperCut NG que podr\\u00eda permitir a un atacante no remoto no autenticado cargar archivos arbitrarios en el almacenamiento del host de PaperCut NG. Esto podr\\u00eda agotar los recursos del sistema e impedir que el servicio funcione como se espera. \"}]",
"id": "CVE-2023-3486",
"lastModified": "2024-11-21T08:17:22.333",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"vulnreport@tenable.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-07-25T13:15:10.330",
"references": "[{\"url\": \"https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/\", \"source\": \"vulnreport@tenable.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tenable.com/security/research/tra-2023-23\", \"source\": \"vulnreport@tenable.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tenable.com/security/research/tra-2023-23\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"vulnreport@tenable.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-3486\",\"sourceIdentifier\":\"vulnreport@tenable.com\",\"published\":\"2023-07-25T13:15:10.330\",\"lastModified\":\"2024-11-21T08:17:22.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host\u2019s file storage. This could exhaust system resources and prevent the service from operating as expected.\\n\"},{\"lang\":\"es\",\"value\":\"Existe una omisi\u00f3n de autenticaci\u00f3n en las versiones 22.0.12 y anteriores de PaperCut NG que podr\u00eda permitir a un atacante no remoto no autenticado cargar archivos arbitrarios en el almacenamiento del host de PaperCut NG. Esto podr\u00eda agotar los recursos del sistema e impedir que el servicio funcione como se espera. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"vulnreport@tenable.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"vulnreport@tenable.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.1.3\",\"matchCriteriaId\":\"2D1E7B69-F906-49B6-A5AE-BC95E528AB81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.1.3\",\"matchCriteriaId\":\"AE9EEC66-6455-4B4E-879D-7109E6E16199\"}]}]}],\"references\":[{\"url\":\"https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/\",\"source\":\"vulnreport@tenable.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/security/research/tra-2023-23\",\"source\":\"vulnreport@tenable.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/security/research/tra-2023-23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.tenable.com/security/research/tra-2023-23\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T06:55:03.589Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3486\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-23T19:02:44.379787Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-23T19:02:49.650Z\"}}], \"cna\": {\"title\": \"PaperCut NG Unauthenticated File Upload\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"PaperCut\", \"product\": \"PaperCut NG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"22.1.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-07-25T12:51:00.000Z\", \"references\": [{\"url\": \"https://www.tenable.com/security/research/tra-2023-23\"}, {\"url\": \"https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host\\u2019s file storage. This could exhaust system resources and prevent the service from operating as expected.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: transparent;\\\"\u003eAn authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host\\u2019s file storage. This could exhaust system resources and prevent the service from operating as expected.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"5ac1ecc2-367a-4d16-a0b2-35d495ddd0be\", \"shortName\": \"tenable\", \"dateUpdated\": \"2023-07-26T13:35:28.378Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-3486\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-23T19:02:59.209Z\", \"dateReserved\": \"2023-06-30T18:26:50.920Z\", \"assignerOrgId\": \"5ac1ecc2-367a-4d16-a0b2-35d495ddd0be\", \"datePublished\": \"2023-07-25T12:50:42.477Z\", \"assignerShortName\": \"tenable\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…