CVE-2023-6006

CVSS V2 None CVSS V3 None

Description

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must be able to write into the local C Drive. In addition, the attacker must have admin privileges to enable Print Archiving or encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM

Overview

CVE ID
CVE-2023-6006

Assigner
PaperCut

Vulnerability Status
PUBLISHED

Published Version
2023-11-14T04:04:03.280Z

Last Modified Date
2023-11-21T06:39:19.561Z

Weakness Enumerations

CWE	URL
CWE-269	http://cwe.mitre.org/data/definitions/269.html

References

Reference URL	Reference Tags
https://www.papercut.com/kb/Main/Security-Bulletin-November-2023/
https://www.papercut.com/kb/Main/CommonSecurityQuestions/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-6006
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6006

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 06:06:05				Added to TrackCVE