CVE-2023-39143

Name of the Vulnerable Software and Affected Versions PaperCut NG and PaperCut MF versions prior to 22.1.3

Description The issue allows path traversal, enabling attackers to upload, read, or delete arbitrary files, leading to remote code execution when external device integration is enabled. This is a high-severity security flaw that could result in remote code execution under specific circumstances. It is estimated that many academic institutions are affected, with 585 vulnerable IPs found.

Recommendations For versions prior to 22.1.3, update to version 22.1.3 or later to protect against this issue. As a temporary workaround, consider disabling external device integration until a patch is available. Restrict access to the vulnerable WebDAV module to minimize the risk of exploitation. Avoid using the vulnerable WebDAV endpoint until the issue is resolved.