CVE-2023-39470

CVSS 3.0 Score 7.2 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 749

Summary

CVE-2023-39470 is a remote code execution vulnerability affecting PaperCut NG's print.script.sandboxed setting. This issue exposes a dangerous function, enabling attackers to execute arbitrary code on affected installations, gaining SYSTEM privileges after authentication. The flaw, identified as ZDI-CAN-20965, lies in the management of this setting and poses a significant risk to organizations using PaperCut NG.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • PaperCut NG

Affected Vendors

  • PaperCut Software Pty Ltd