CVE-2023-27350

Description

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-27350
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zero Day Initiative
Severity: CRITICAL
CVE ID: CVE-2023-27350
CVSS Score: 9.8
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-27350
MaanVader

A simple python script to check if a service is vulnerable

Reference: GitHub

imancybersecurity

Reference: GitHub

horizon3ai

Proof of Concept Exploit for PaperCut CVE-2023-27350

Reference: GitHub

adhikara13

Exploit for Papercut CVE-2023-27350. [+] Reverse shell [+] Mass checking

Reference: GitHub

ThatNotEasy

Perform With Massive Authentication Bypass In PaperCut MF/NG

Reference: GitHub

Jenderal92

Python 2.7

Reference: GitHub

ASG-CASTLE

Reference: GitHub

Content on GitHub

getdrive | watchers:59

PoC
PoC. Severity critical.

Reference: GitHub