CVE-2023-39470
CVSS 3.0 Score 7.2 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 749
Summary
CVE-2023-39470 is a remote code execution vulnerability affecting PaperCut NG's print.script.sandboxed setting. This issue exposes a dangerous function, enabling attackers to execute arbitrary code on affected installations, gaining SYSTEM privileges after authentication. The flaw, identified as ZDI-CAN-20965, lies in the management of this setting and poses a significant risk to organizations using PaperCut NG.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- PaperCut NG
Affected Vendors
- PaperCut Software Pty Ltd