Vulnerability Description
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Papercut | Papercut Mf | >= 15.0, < 20.1.7 |
| Papercut | Papercut Ng | >= 15.0, < 20.1.7 |
Related Weaknesses (CWE)
References
- https://www.papercut.com/kb/Main/PO-1216-and-PO-1219Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-232/Third Party AdvisoryVDB Entry
- https://www.papercut.com/kb/Main/PO-1216-and-PO-1219Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-232/Third Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-US Government Resource
FAQ
What is CVE-2023-27351?
CVE-2023-27351 is a vulnerability with a CVSS score of 7.5 (HIGH). This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The spe...
How severe is CVE-2023-27351?
CVE-2023-27351 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-27351?
Check the references section above for vendor advisories and patch information. Affected products include: Papercut Papercut Mf, Papercut Papercut Ng.