8.8

CVE-2023-2533

Warnung
Medienbericht
Exploit
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in
PaperCut NG/MF, which, under specific conditions, could potentially enable
an attacker to alter security settings or execute arbitrary code. This could
be exploited if the target is an admin with a current login session. Exploiting
this would typically involve the possibility of deceiving an admin into clicking
a specially crafted malicious link, potentially leading to unauthorized changes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PapercutPapercut Mf Version < 20.1.8
PapercutPapercut Mf Version >= 21.0.0 < 21.2.12
PapercutPapercut Mf Version >= 22.0.0 < 22.1.1
PapercutPapercut Ng Version < 20.1.8
PapercutPapercut Ng Version >= 21.0.0 < 21.2.12
PapercutPapercut Ng Version >= 22.0.0 <= 22.1.1

28.07.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability

Schwachstelle

PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 36.32% 0.97
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
help@fluidattacks.com 8.4 1.7 6
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://fluidattacks.com/advisories/arcangel/
Third Party Advisory
Exploit