How severe is CVE-2023-6006?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2023-6006?

This is classified as CWE-250, which is a common weakness in software security.

CVE-2023-6006 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must have local write access to the C Drive. In addition, Print Archiving must be enabled or the attacker needs to encounter a misconfigured system. This vulnerability does not apply to PaperCut NG installs that have Print Archiving enabled and configured as per the recommended set up procedure. This specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM Note: This CVE has been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server.

Related Vulnerabilities

CVE-2022-20676

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This ...

CWE-2502022

CVE-2024-25967

MEDIUM

CVSS:6.7(Medium)

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, lea...

CWE-2502024

CVE-2024-27146

MEDIUM

CVSS:6.7(Medium)

The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL.

CWE-2502024

CVE-2025-3364

MEDIUM

CVSS:6.7(Medium)

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system.

CWE-2502025

CVE-2020-10290

MEDIUM

CVSS:6.8(Medium)

Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the ove...

CWE-2502020

CVE-2022-1744

MEDIUM

CVSS:6.8(Medium)

Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability ...

CWE-2502022