Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2023-27350
PUBLISHEDThis vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication...
- Vendor
- PaperCut
- Product
- NG
- Published
- Apr 20, 2023
- EPSS
- —
Description
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
CVSS scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- total
References
- https://www.zerodayinitiative.com/advisories/ZDI-23-233/
- https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
- http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html
- https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/
- http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Apr 21, 2023 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/papercut_ng_auth_bypass.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-27350.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2025-03-09 18:08:42 UTC · 3 stars
Unauthenticated remote command execution in Papercut service allows an attacker to execute commands due to improper access controls in the SetupCompleted Java class.
github · Created 2023-05-27 11:32:35 UTC · 2 stars
Perfom With Massive Authentication Bypass In PaperCut MF/NG
github · Created 2023-04-25 20:51:23 UTC · 8 stars
Exploit for Papercut CVE-2023-27350. [+] Reverse shell [+] Mass checking
github · Created 2023-04-22 21:34:06 UTC · 51 stars
Proof of Concept Exploit for PaperCut CVE-2023-27350
github · Created 2023-04-21 20:13:47 UTC · 12 stars
github · Created 2023-04-21 09:19:13 UTC · 5 stars
A simple python script to check if a service is vulnerable
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Exploit Used in Malware
-
Added to KEVIntel
-
Detected by Nuclei
-
Detected by Metasploit