{"api_version":"1","generated_at":"2026-04-23T14:03:08+00:00","cve":"CVE-2023-39143","urls":{"html":"https://cve.report/CVE-2023-39143","api":"https://cve.report/api/cve/CVE-2023-39143.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-39143","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-39143"},"summary":{"title":"CVE-2023-39143","description":"PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-08-04 17:15:00","updated_at":"2023-08-08 20:07:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/","name":"https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/","refsource":"MISC","tags":[],"title":"CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability – Horizon3.ai","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.papercut.com/kb/Main/securitybulletinjuly2023/","name":"https://www.papercut.com/kb/Main/securitybulletinjuly2023/","refsource":"MISC","tags":[],"title":"PaperCut NG/MF Security Bulletin (July 2023) | PaperCut","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-39143","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39143","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"39143","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39143","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"papercut","cpe5":"papercut_mf","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"39143","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"papercut","cpe5":"papercut_ng","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-39143","qid":"150719","title":"PaperCut NG/MF Path Traversal Vulnerability (CVE-2023-39143)"},{"cve":"CVE-2023-39143","qid":"378740","title":"PaperCut NG/MF Chained Path Traversal in Authenticated API"},{"cve":"CVE-2023-39143","qid":"730865","title":"PaperCut NG/MF Chained Path Traversal Vulnerability (Unauthenticated Check)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-39143","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/","url":"https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/"},{"refsource":"MISC","name":"https://www.papercut.com/kb/Main/securitybulletinjuly2023/","url":"https://www.papercut.com/kb/Main/securitybulletinjuly2023/"}]}},"nvd":{"publishedDate":"2023-08-04 17:15:00","lastModifiedDate":"2023-08-08 20:07:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*","versionEndExcluding":"22.1.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*","versionEndExcluding":"22.1.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}