What is the vulnerability ID for the authentication bypass in PaperCut NG?

The vulnerability ID for the authentication bypass in PaperCut NG is CVE-2023-3486.

What is the severity level of CVE-2023-3486?

The severity level of CVE-2023-3486 is high with a score of 7.5.

Which versions of PaperCut NG are affected by CVE-2023-3486?

Versions 22.0.12 and prior of PaperCut NG are affected by CVE-2023-3486.

Where can I find more information about CVE-2023-3486?

You can find more information about CVE-2023-3486 at the following references: [https://www.tenable.com/security/research/tra-2023-23](https://www.tenable.com/security/research/tra-2023-23) and [https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/](https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/).

Vulnerability/
CVE-2023-3486

high

8.2

CWE

434

25/7/2023

23/10/2024

CVE-2023-3486: PaperCut NG Unauthenticated File Upload

Q: How can an attacker exploit CVE-2023-3486?

An attacker can exploit CVE-2023-3486 to upload arbitrary files to the PaperCut NG host's file storage, causing resource exhaustion and service disruption.

First published: Tue Jul 25 2023(Updated: )

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.

Credit: vulnreport@tenable.com vulnreport@tenable.com

Affected Software	Affected Version	How to fix
Papercut Papercut Mf	<22.1.3
Papercut Papercut Ng	<22.1.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for the authentication bypass in PaperCut NG?
The vulnerability ID for the authentication bypass in PaperCut NG is CVE-2023-3486.
What is the severity level of CVE-2023-3486?
The severity level of CVE-2023-3486 is high with a score of 7.5.
Which versions of PaperCut NG are affected by CVE-2023-3486?
Versions 22.0.12 and prior of PaperCut NG are affected by CVE-2023-3486.
How can an attacker exploit CVE-2023-3486?
An attacker can exploit CVE-2023-3486 to upload arbitrary files to the PaperCut NG host's file storage, causing resource exhaustion and service disruption.
Where can I find more information about CVE-2023-3486?
You can find more information about CVE-2023-3486 at the following references: [https://www.tenable.com/security/research/tra-2023-23](https://www.tenable.com/security/research/tra-2023-23) and [https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/](https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/).

collector/nvd-latest
collector/nvd-index
agent/author
agent/references
agent/type
agent/softwarecombine
agent/weakness
agent/description
collector/nvd-api
agent/software-canonical-lookup-request
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/severity
agent/tags
agent/first-publish-date
agent/event
vendor/papercut
canonical/papercut papercut mf
canonical/papercut papercut ng

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.