Organizations Warned of Exploited PaperCut Flaw
The flaw, tracked as CVE-2023-2533, is described as a high-severity cross-site request forgery (CSRF) issue that, under certain conditions, allows attackers to modify security settings or execute arbitrary code remotely.
“This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes,” PaperCut notes in a June 2023 advisory.
The severity ratings differ by source: PaperCut assesses CVE-2023-2533 at a CVSS score of 7.9, NIST lists it at 8.8, and Fluid Attacks, which discovered the bug and released proof-of-concept (PoC) code targeting it, assesses it at 8.4.