CVE-2023-27350

CVSS V2 None CVSS V3 None
Description
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
Overview
  • CVE ID
  • CVE-2023-27350
  • Assigner
  • zdi-disclosures@trendmicro.com
  • Vulnerability Status
  • Awaiting Analysis
  • Published Version
  • 2023-04-20T16:15:07
  • Last Modified Date
  • 2023-04-25T18:15:09
Weakness Enumerations
CWE URL
CWE-284 http://cwe.mitre.org/data/definitions/284.html
References
Reference URL Reference Tags
http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
https://www.zerodayinitiative.com/advisories/ZDI-23-233/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-27350
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27350
History
Created Old Value New Value Data Type Notes
2023-04-20 17:01:04 Added to TrackCVE
2023-04-20 17:01:05 Weakness Enumeration new
2023-04-20 18:01:06 2023-04-20T17:18:19 CVE Modified Date updated
2023-04-20 18:01:06 Received Awaiting Analysis Vulnerability Status updated
2023-04-20 18:01:09 CVSS V3 information new
2023-04-21 00:00:59 2023-04-20T23:15:06 CVE Modified Date updated
2023-04-21 00:01:00 This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. Description updated
2023-04-21 00:01:01 CVSS V3 information new
2023-04-22 01:01:02 CVSS V3 information new
2023-04-25 19:01:44 2023-04-25T18:15:09 CVE Modified Date updated
2023-04-25 19:01:52 References updated
2023-04-25 19:01:52 CVSS V3 information new