Vulnerability Details : CVE-2023-27350
Public exploit exists!
Used for ransomware!
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
Vulnerability category: Execute code
CVE-2023-27350 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name: PaperCut MF/NG Improper Access Control Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.
Notes: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219; https://nvd.nist.gov/vuln/detail/CVE-2023-27350
Added on: 2023-04-21
Action due date: 2023-05-12
Exploit prediction scoring system (EPSS) score for CVE-2023-27350
96.85%: Probability of exploitation activity in the next 30 days
~ 100 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2023-27350
- PaperCut PaperCutNG Authentication Bypass
  Disclosure Date: 2023-03-13
  First seen: 2023-09-11
  exploit/multi/http/papercut_ng_auth_bypass
  This module leverages an authentication bypass in PaperCut NG. If necessary it updates Papercut configuration options, specifically the 'print-and-device.script.enabled' and 'print.script.sandboxed' options to allow for arbitrary code execution running in the
CVSS scores for CVE-2023-27350
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | Zero Day Initiative | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2023-27350
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: zdi-disclosures@trendmicro.com (Primary)
References for CVE-2023-27350
- https://www.zerodayinitiative.com/advisories/ZDI-23-233/
  ZDI-23-233 | Zero Day Initiative [Third Party Advisory; VDB Entry]
- http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html
  PaperCut NG/MG 22.0.4 Authentication Bypass ≈ Packet Storm [Exploit; Third Party Advisory; VDB Entry]
- http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html
  PaperCut NG/MG 22.0.4 Remote Code Execution ≈ Packet Storm [Exploit; Third Party Advisory; VDB Entry]
- http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html
  PaperCut PaperCutNG Authentication Bypass ≈ Packet Storm [Exploit; Third Party Advisory; VDB Entry]
- http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html
  PaperCut MF/NG Authentication Bypass / Remote Code Execution ≈ Packet Storm [Third Party Advisory; VDB Entry]
- https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/
  Increased exploitation of PaperCut drawing blood around the Internet – Sophos News [Third Party Advisory]
- https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
  APRIL 19 UPDATE | PaperCut MF/NG vulnerability bulletin (March 2023) | PaperCut [Vendor Advisory]
Products affected by CVE-2023-27350
- cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
- cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*