CVE-2023-2533: PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF
First published: Tue Jun 20 2023(Updated: )
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Papercut Papercut Mf | =22.0.10 | |
| Papercut Papercut Ng | =22.0.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-2533?
CVE-2023-2533 is a Cross-Site Request Forgery (CSRF) vulnerability identified in PaperCut NG/MF.
What is the severity of CVE-2023-2533?
CVE-2023-2533 has a severity rating of 8.8 (High).
How can CVE-2023-2533 be exploited?
CVE-2023-2533 can be exploited by an attacker if the target is an admin with a current login session.
Which software versions are affected by CVE-2023-2533?
CVE-2023-2533 affects Papercut NG/MF version 22.0.10.
How do I fix the CVE-2023-2533 vulnerability?
To fix the CVE-2023-2533 vulnerability, update PaperCut NG/MF to a version that is not affected.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/papercut
- canonical/papercut papercut mf
- version/papercut papercut mf/22.0.10
- canonical/papercut papercut ng
- version/papercut papercut ng/22.0.10