CVE-2023-27351
Description
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
44.629
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2023-27350,CVE-2023-27351 are affected in PaperCut NG 19.0.7 | Windows |
| Vulnerabilities CVE-2023-27350,CVE-2023-27351 are affected in PaperCut MF (x64) 20.1.6 | Windows |
| Vulnerabilities CVE-2023-27350,CVE-2023-27351 are affected in PaperCut MF (x64) 21.2.10 | Windows |
| Vulnerabilities CVE-2023-27350,CVE-2023-27351 are affected in PaperCut MF (x64) 22.0.8 | Windows |
| Vulnerabilities CVE-2023-27350,CVE-2023-27351 are affected in PaperCut NG 20.1.6 | Windows |
| Vulnerabilities CVE-2023-27350,CVE-2023-27351 are affected in PaperCut NG 21.2.10 | Windows |
| Vulnerabilities CVE-2023-27350,CVE-2023-27351 are affected in PaperCut NG 22.0.8 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-347974 | PaperCut MF (x64) (24.1.7) |
| PATCH-347974 | PaperCut MF (x64) (24.1.7) |
| PATCH-347974 | PaperCut MF (x64) (24.1.7) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234