H3-2023-0022

PaperCut Arbitrary File Read and Deletion Vulnerability

Category	VULNERABILITY
Base Score	9.4

Description

PaperCut NG/MF versions <= 22.1.2 are vulnerable to multiple issues that allow unauthenticated attackers to read or delete arbitrary files hosted on the PaperCut server.

Impact

Determined attackers can exploit this vulnerability to access or destroy all data hosted on the PaperCut server.

References

• PaperCut NG/MF Security Bulletin (July 2023)
• Horizon3.ai Research Advisory
• CVE-2023-39143
• PaperCut NG Release History
• PaperCut Common Security Questions
• Securing your PaperCut NG/MF Server