CVE-2023-2533: PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF

8.4 CVSS

Description

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in
PaperCut NG/MF which, under specific conditions, could enable an attacker
to alter security settings or execute arbitrary code. It is exploitable
when the target is an admin with a current login session. Exploitation
would typically involve deceiving an admin into clicking a specially
crafted malicious link, potentially leading to unauthorized changes.

Classification

CVE ID: CVE-2023-2533

CVSS Base Severity: HIGH

CVSS Base Score: 8.4

Affected Products

Vendor: PaperCut

Product: PaperCut NG/MF

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.23% (probability of being exploited)

EPSS Percentile: 61.08% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (when this score was calculated)

References

https://fluidattacks.com/advisories/arcangel/
https://www.papercut.com/kb/Main/SecurityBulletinJune2023

Timeline