PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.
The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Papercut
Papercut papercut Ng |
|
CPEs | cpe:2.3:a:papercut:papercut_ng:22.0.10:*:*:*:*:*:*:* | |
Vendors & Products |
Papercut
Papercut papercut Ng |
|
Metrics |
ssvc
|
Fri, 22 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965. | |
Title | PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability | |
Weaknesses | CWE-749 | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2024-11-22T20:04:57.069Z
Updated: 2024-12-05T14:50:39.655Z
Reserved: 2023-08-02T21:37:23.123Z
Link: CVE-2023-39470
Vulnrichment
Updated: 2024-12-05T14:50:31.443Z
NVD
Status : Received
Published: 2024-11-22T20:15:05.487
Modified: 2024-11-22T20:15:05.487
Link: CVE-2023-39470
Redhat
No data.