Описание
PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.
The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013.
Ссылки
- Vendor AdvisoryRelated
- Third Party Advisory
- Vendor AdvisoryRelated
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.2 High
CVSS3
7.2 High
CVSS3
Дефекты
Связанные уязвимости
PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013.
Уязвимость функции External User Lookup программных средств контроля за печатью в сети PaperCut MF и PaperCut NG, позволяющая нарушителю выполнить произвольный код
EPSS
7.2 High
CVSS3
7.2 High
CVSS3