Overview
- Description
- PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D1E7B69-F906-49B6-A5AE-BC95E528AB81",
"versionEndExcluding": "22.1.3"
},
{
"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE9EEC66-6455-4B4E-879D-7109E6E16199",
"versionEndExcluding": "22.1.3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]