Skip to main content

Papercut Ng CVE-2023-4568

MEDIUM
Improper Authentication (CWE-287)
2023-09-13 vulnreport@tenable.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 13, 2023 - 21:15 nvd
MEDIUM 6.5

DescriptionNVD

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.

AnalysisAI

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch. Affected products include: Papercut Papercut Ng.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2023-27350 CRITICAL POC
9.8 Apr 20

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui

CVE-2023-39143 CRITICAL POC
9.8 Aug 04

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete

CVE-2023-2533 HIGH POC
8.8 Jun 20

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific condition

CVE-2024-1222 CRITICAL
9.8 Mar 14

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated

CVE-2019-12135 CRITICAL
9.8 Jun 06

An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19

CVE-2019-8948 CRITICAL
9.8 Feb 20

PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. Rat

CVE-2024-8404 HIGH
7.8 Sep 26

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print

CVE-2024-4712 HIGH
7.8 May 14

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabl

CVE-2024-3037 HIGH
7.8 May 14

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print

CVE-2023-3486 HIGH
7.5 Jul 25

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated att

CVE-2024-1882 HIGH
7.2 Mar 14

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for

CVE-2024-1654 HIGH
7.2 Mar 14

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. Rated high

Share

CVE-2023-4568 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy