Attacker Value
Unknown
(1 user assessed)
Exploitability
Unknown
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
3

CVE-2023-27350

Disclosure Date: April 20, 2023
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.

Add Assessment

2
Ratings
Technical Analysis

Overview

On April 14, 2023 the Zero Day Initiative published two advisories, ZDI-23-233 aka CVE-2023-27350 and ZDI-23-232 aka CVE-2023-27351, for two vulnerabilities affecting PaperCut MF and PaperCut NG.

PaperCut have released their own advisory for these two vulnerabilities. The vulnerability CVE-2023-27350 allows an unauthenticated attacker to achieve remote code execution on a vulnerable PaperCut MF or NG Application Server and affects all versions of both products, from version 8.0 up to the patched version (as listed below). The CVE has been rated critical and has a CVSS base score of 9.8. On April 19, 2023, PaperCut updated their advisory to report that this vulnerability has been exploited in the wild.

On April 21, 2023, Huntress published technical details on the vulnerability.

Guidance

A vendor supplied patch is available and should be applied to successfully remediate the issue.

For PaperCut MF the following versions remediate the issue:

For PaperCut NG the following versions remediate the issue:

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • papercut

Products

  • papercut mf,
  • papercut ng

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis