Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-2533
Analyzed
Known KEV
More InfoOfficial Page
Source-help@fluidattacks.com
View Known Exploited Vulnerability (KEV) details
Published At-20 Jun, 2023 | 15:15
Updated At-29 Jul, 2025 | 15:08

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2025-07-282025-08-18PaperCut NG/MF Cross-Site Request Forgery (CSRF) VulnerabilityApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.4HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
PaperCut Software Pty Ltd
papercut
>>papercut_mf>>Versions before 20.1.8(exclusive)
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
PaperCut Software Pty Ltd
papercut
>>papercut_mf>>Versions from 21.0.0(inclusive) to 21.2.12(exclusive)
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
PaperCut Software Pty Ltd
papercut
>>papercut_mf>>Versions from 22.0.0(inclusive) to 22.1.1(exclusive)
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
PaperCut Software Pty Ltd
papercut
>>papercut_ng>>Versions before 20.1.8(exclusive)
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
PaperCut Software Pty Ltd
papercut
>>papercut_ng>>Versions from 21.0.0(inclusive) to 21.2.12(exclusive)
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
PaperCut Software Pty Ltd
papercut
>>papercut_ng>>Versions from 22.0.0(inclusive) to 22.1.1(inclusive)
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Secondaryhelp@fluidattacks.com
CWE-352Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fluidattacks.com/advisories/arcangel/help@fluidattacks.com
Exploit
Third Party Advisory
https://www.papercut.com/kb/Main/SecurityBulletinJune2023help@fluidattacks.com
Vendor Advisory
https://fluidattacks.com/advisories/arcangel/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.papercut.com/kb/Main/SecurityBulletinJune2023af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Change History
0Changes found
Details not found