CVE-2023-27350: PaperCut NG SetupCompleted Improper Access Control Authentication Bypass Vulnerability
First published: Thu Apr 20 2023(Updated: )
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.
Credit: zdi-disclosures@trendmicro.com zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PaperCut NG/MF | ||
| PaperCut NG/MF | ||
| PaperCut MF | >=8.0.0<20.1.7 | |
| PaperCut MF | >=21.0.0<21.2.11 | |
| PaperCut MF | >=22.0.0<22.0.9 | |
| PaperCut NG | >=8.0.0<20.1.7 | |
| PaperCut NG | >=21.0.0<21.2.11 | |
| PaperCut NG | >=22.0.0<22.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html
- http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html
- https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/
- https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
- https://www.zerodayinitiative.com/advisories/ZDI-23-233/
- https://www.papercut.com/kb/Main/PO-1216-and-PO-1219;
- https://nvd.nist.gov/vuln/detail/CVE-2023-27350
Frequently Asked Questions
What is CVE-2023-27350?
CVE-2023-27350 is an improper access control vulnerability found in PaperCut MF/NG.
What is the impact of CVE-2023-27350?
The impact of CVE-2023-27350 is authentication bypass and code execution in the context of the system.
How does CVE-2023-27350 affect PaperCut MF/NG?
CVE-2023-27350 affects PaperCut MF/NG by allowing an attacker to bypass authentication and execute code on the system.
How can I fix CVE-2023-27350?
To fix CVE-2023-27350, apply the necessary security patches provided by PaperCut and ensure that you are running the latest version of PaperCut MF/NG.
Where can I find more information about CVE-2023-27350?
More information about CVE-2023-27350 can be found in the official knowledge base article provided by PaperCut: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
- agent/type
- agent/severity
- agent/title
- agent/weakness
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/references
- agent/last-modified-date
- agent/trending
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-233
- alias/ZDI-CAN-18987
- alias/CVE-2023-27350
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/nvd-api
- vendor/papercut
- canonical/papercut ng/mf
- canonical/papercut mf
- version/papercut mf/8.0.0
- version/papercut mf/21.0.0
- version/papercut mf/22.0.0
- canonical/papercut ng
- version/papercut ng/8.0.0
- version/papercut ng/21.0.0
- version/papercut ng/22.0.0