This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html | |
http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html | |
https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/ | Third Party Advisory |
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-23-233/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
07 Jun 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 May 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 May 2023, 16:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:* cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:* |
|
References | (MISC) http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html - Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 - Vendor Advisory | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-23-233/ - Third Party Advisory, VDB Entry | |
References | (MISC) https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Papercut papercut Mf
Papercut papercut Ng Papercut |
27 Apr 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Apr 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Apr 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. |
20 Apr 2023, 17:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-20 16:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-27350
Mitre link : CVE-2023-27350
CVE.ORG link : CVE-2023-27350
JSON object : View
Products Affected
papercut
- papercut_ng
- papercut_mf
CWE