1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. PaperCut MF/NG Improper Access Control Vulnerability

Known Exploited Vulnerabilities CVE-2023-27350 Mappings

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-27350 PaperCut MF/NG Improper Access Control Vulnerability secondary_impact T1105 Ingress Tool Transfer
Comments
CVE-2023-27350 allows an unauthenticated actor to execute malicious code remotely without credentials. Threat actors have been observed exploiting this software through its print scripting interface and installed command and control software on target machines.
References
  1. https://www.cisa.gov/sites/default/files/2023-05/aa23-131a_malicious_actors_exploit_cve-2023-27350_in_papercut_mf_and_ng_1.pdf
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a
CVE-2023-27350 PaperCut MF/NG Improper Access Control Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2023-27350 allows an unauthenticated actor to execute malicious code remotely without credentials. Threat actors have been observed exploiting this software through its print scripting interface and installed command and control software on target machines.
References
  1. https://www.cisa.gov/sites/default/files/2023-05/aa23-131a_malicious_actors_exploit_cve-2023-27350_in_papercut_mf_and_ng_1.pdf
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a
CVE-2023-27350 PaperCut MF/NG Improper Access Control Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2023-27350 allows an unauthenticated actor to execute malicious code remotely without credentials. Threat actors have been observed exploiting this software through its print scripting interface and installed command and control software on target machines.
References
  1. https://www.cisa.gov/sites/default/files/2023-05/aa23-131a_malicious_actors_exploit_cve-2023-27350_in_papercut_mf_and_ng_1.pdf
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a