CVE-2023-2533

Name of the Vulnerable Software and Affected Versions PaperCut NG/MF versions (affected versions not specified)

Description A Cross-Site Request Forgery (CSRF) vulnerability exists in PaperCut NG/MF, potentially allowing an attacker to alter security settings or execute arbitrary code under specific conditions. Exploitation typically involves deceiving an administrator into clicking a malicious link. This vulnerability is actively being exploited by threat actors, including ransomware groups and potentially state-sponsored actors. Over 100 million users across 70,000+ organizations, including US federal agencies, are estimated to be impacted. The vulnerability allows attackers to hijack admin sessions to run code remotely.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.