CVE-2023-27350
CVE-2023-27350
In short
A flaw in PaperCut NG 22.0.5 allows attackers to skip login and gain full system control without needing credentials. This is critical because it opens the door for anyone on the network to take over the entire server.
Technical detail
The SetupCompleted class in PaperCut NG 22.0.5 (Build 63914) contains an improper access control vulnerability (CWE-284) that allows unauthenticated remote attackers to bypass authentication mechanisms. Exploitation requires network access to the affected service and results in arbitrary code execution with SYSTEM privileges, enabling complete server compromise.
Summary generated and translated by AI from the official description.
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
PaperCut · NGpublic PoCs found — 19
githubgithub.com/horizon3ai/CVE-2023-27350★ 56githubgithub.com/imancybersecurity/CVE-2023-27350-POC★ 12githubgithub.com/adhikara13/CVE-2023-27350★ 9githubgithub.com/MaanVader/CVE-2023-27350-POC★ 5githubgithub.com/monke443/CVE-2023-27350★ 4githubgithub.com/Ap0dexMe0/CVE-2023-27350★ 2githubgithub.com/dezso-dfield/CVE-2023-27350★ 0githubgithub.com/Royall-Researchers/CVE-2023-27350★ 0githubgithub.com/Jenderal92/CVE-2023-27350★ 0githubgithub.com/ASG-CASTLE/CVE-2023-27350★ 0githubgithub.com/rasan2001/CVE-2023-27350-Ongoing-Exploitation-of-PaperCut-Remote-Code-Execution-Vulnerability★ 0githubgithub.com/joaoaugustom/PaperCut-Authentication_Bypass_and_RCE★ 0githubgithub.com/0xB0y426/CVE-2023-27350-PoC★ 0exploitdbwww.exploit-db.com/exploits/51452unverifiedcve_referencepacketstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.htmlunverifiedcve_referencepacketstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51391unverifiedcve_referencepacketstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.htmlhttp://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.htmlhttps://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27350https://www.papercut.com/kb/Main/PO-1216-and-PO-1219https://www.zerodayinitiative.com/advisories/ZDI-23-233/