CVE-2023-6006 - OpenCVE

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must be able to write into the local C Drive. In addition, the attacker must have admin privileges to enable Print Archiving or encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Papercut	Papercut Mf Papercut Ng

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:papercut:papercut_mf::::::::
	cpe:2.3:a:papercut:papercut_ng::::::::

No data.

References

Link	Providers
https://www.papercut.com/kb/Main/CommonSecurityQuestions/
https://www.papercut.com/kb/Main/Security-Bulletin-November-2023/

History

No history.

MITRE

Status: PUBLISHED

Assigner: PaperCut

Published: 2023-11-14T04:04:03.280Z

Updated: 2024-08-02T08:14:25.129Z

Reserved: 2023-11-08T04:55:38.051Z

Link: CVE-2023-6006

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-11-14T04:15:07.850

Modified: 2023-11-21T16:12:34.167

Link: CVE-2023-6006

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6006", "assignerOrgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "state": "PUBLISHED", "assignerShortName": "PaperCut", "dateReserved": "2023-11-08T04:55:38.051Z", "datePublished": "2023-11-14T04:04:03.280Z", "dateUpdated": "2024-08-02T08:14:25.129Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Print Archiving"], "platforms": ["Windows"], "product": "PaperCut MF, PaperCut NG", "vendor": "PaperCut", "versions": [{"changes": [{"at": "23.0.0", "status": "unaffected"}], "lessThan": "23.0.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Amol Dosanjh"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael DePlante"}], "datePublic": "2023-11-14T03:54:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must be able to write into the local C Drive. In addition, the attacker must have admin privileges to enable Print Archiving or encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM"}], "value": "This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must be able to write into the local C Drive. In addition, the attacker must have admin privileges to enable Print Archiving or encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "shortName": "PaperCut", "dateUpdated": "2023-11-21T06:39:19.561Z"}, "references": [{"url": "https://www.papercut.com/kb/Main/Security-Bulletin-November-2023/"}, {"url": "https://www.papercut.com/kb/Main/CommonSecurityQuestions/"}], "source": {"discovery": "UNKNOWN"}, "title": "Local privilege escalation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.129Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.papercut.com/kb/Main/Security-Bulletin-November-2023/", "tags": ["x_transferred"]}, {"url": "https://www.papercut.com/kb/Main/CommonSecurityQuestions/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", "matchCriteriaId": "C90A3C1C-5F05-4FA3-89D6-8A6D0A17664B", "versionEndExcluding": "23.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*", "matchCriteriaId": "D754F687-4EFB-4B04-96CE-C78C30B527FB", "versionEndExcluding": "23.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must be able to write into the local C Drive. In addition, the attacker must have admin privileges to enable Print Archiving or encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM"}, {"lang": "es", "value": "Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de PaperCut NG. Un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del proceso pc-pdl-to-image. El proceso carga un ejecutable desde una ubicaci\u00f3n no segura. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de SYSTEM."}], "id": "CVE-2023-6006", "lastModified": "2023-11-21T16:12:34.167", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "type": "Secondary"}]}, "published": "2023-11-14T04:15:07.850", "references": [{"source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "tags": ["Vendor Advisory"], "url": "https://www.papercut.com/kb/Main/CommonSecurityQuestions/"}, {"source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "tags": ["Vendor Advisory"], "url": "https://www.papercut.com/kb/Main/Security-Bulletin-November-2023/"}], "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "type": "Secondary"}]}