PT-2023-7173 · Papercut · Papercut Ng+1

Amol Dosanjh +2 · Published 2023-11-13 · Updated 2024-09-26 · CVE-2023-6006

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PaperCut NG (affected versions not specified)
PaperCut MF (affected versions not specified)

Description

The issue is related to insufficient authentication procedures in PaperCut NG and PaperCut MF, allowing local attackers to escalate privileges. An attacker must have local write access to the C Drive, and Print Archiving must be enabled or the system must be misconfigured. The vulnerability exists within the pc-pdl-to-image process, which loads an executable from an unsecured location, enabling attackers to execute arbitrary code in the context of SYSTEM.

Recommendations

For PaperCut NG, ensure Print Archiving is enabled and configured according to the recommended setup procedure to mitigate the risk. As a temporary workaround, consider restricting access to the pc-pdl-to-image process until a patch is available. Avoid granting local login access to standard network users on the host server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2023-08200
CVE-2023-6006
ZDI-23-1798

Affected Products

Papercut Mf
Papercut Ng