CVE-2023-27350

NVD Published Date: April 20, 2023 at 04:15 PM
NVD Last Modified: June 27, 2024 at 07:30 PM
Download Patch
Vulnerability ID
CVE-2023-27350
Severity
CRITICAL
Severity Score
9.8
Summary
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
Mitigation and Patches
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
CWE-284

Recent Publish

CVE-2023-27524

CVE-2023-28771

CVE-2023-33009

CVE-2023-33010

CVE-2023-33246

CVE-2023-2868

See SecOps Solution
in action

Schedule Demo