Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities found for NG by PaperCut

    CVE-2023-39470 (GCVE-0-2023-39470)

    Vulnerability from nvd – Published: 2024-11-22 20:04 – Updated: 2024-12-05 14:50
    VLAI
    Title
    PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability
    Summary
    PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    PaperCut NG Affected: 22.0.10 65996
    Create a notification for this product.
    papercut papercut_ng Affected: 22.0.10 65996
        cpe:2.3:a:papercut:papercut_ng:22.0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-18 20:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:papercut:papercut_ng:22.0.10:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "papercut_ng",
                "vendor": "papercut",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.0.10 65996"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T15:16:31.968489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T14:50:39.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "NG",
              "vendor": "PaperCut",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.0.10 65996"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.471Z",
          "datePublic": "2024-06-18T20:15:22.622Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T20:04:57.069Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-786",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-786/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.papercut.com/kb/Main/SecurityBulletinJune2023/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Trinity Cyber"
          },
          "title": "PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39470",
        "datePublished": "2024-11-22T20:04:57.069Z",
        "dateReserved": "2023-08-02T21:37:23.123Z",
        "dateUpdated": "2024-12-05T14:50:39.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39469 (GCVE-0-2023-39469)

    Vulnerability from nvd – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability
    Summary
    PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    PaperCut NG Affected: 22.0.12
    Create a notification for this product.
    papercut papercut_ng Affected: 22.0.12
        cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-30 20:13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "papercut_ng",
                "vendor": "papercut",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.0.12"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-06T15:38:33.991469Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:06.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1285",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1285/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "NG",
              "vendor": "PaperCut",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.0.12"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.439Z",
          "datePublic": "2023-08-30T20:13:29.538Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:31.060Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1285",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1285/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39469",
        "datePublished": "2024-05-03T01:59:31.060Z",
        "dateReserved": "2023-08-02T21:37:23.123Z",
        "dateUpdated": "2024-08-02T18:10:20.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27351 (GCVE-0-2023-27351)

    Vulnerability from nvd – Published: 2023-04-20 00:00 – Updated: 2026-04-21 03:55
    Summary
    This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    PaperCut NG Affected: 22.0.5 (Build 63914)
    Create a notification for this product.
    Credits
    Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:09:43.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27351",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-20T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-04-20",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-21T03:55:37.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-20T00:00:00.000Z",
                "value": "CVE-2023-27351 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NG",
              "vendor": "PaperCut",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.0.5 (Build 63914)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-20T15:35:13.491Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-27351",
        "datePublished": "2023-04-20T00:00:00.000Z",
        "dateReserved": "2023-02-28T00:00:00.000Z",
        "dateUpdated": "2026-04-21T03:55:37.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-27350 (GCVE-0-2023-27350)

    Vulnerability from nvd – Published: 2023-04-20 00:00 – Updated: 2025-10-21 23:05
    Summary
    This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    PaperCut NG Affected: 22.0.5 (Build 63914)
    Create a notification for this product.
    Credits
    Anonymous
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:09:43.478Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27350",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-22T05:01:04.658436Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-04-21",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27350"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:48.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27350"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-04-21T00:00:00.000Z",
                "value": "CVE-2023-27350 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NG",
              "vendor": "PaperCut",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.0.5 (Build 63914)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Anonymous"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-07T00:00:00.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/"
            },
            {
              "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
            },
            {
              "url": "http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html"
            },
            {
              "url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/"
            },
            {
              "url": "http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-27350",
        "datePublished": "2023-04-20T00:00:00.000Z",
        "dateReserved": "2023-02-28T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:05:48.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39470 (GCVE-0-2023-39470)

    Vulnerability from cvelistv5 – Published: 2024-11-22 20:04 – Updated: 2024-12-05 14:50
    VLAI
    Title
    PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability
    Summary
    PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    PaperCut NG Affected: 22.0.10 65996
    Create a notification for this product.
    papercut papercut_ng Affected: 22.0.10 65996
        cpe:2.3:a:papercut:papercut_ng:22.0.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-18 20:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:papercut:papercut_ng:22.0.10:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "papercut_ng",
                "vendor": "papercut",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.0.10 65996"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-26T15:16:31.968489Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T14:50:39.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "NG",
              "vendor": "PaperCut",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.0.10 65996"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.471Z",
          "datePublic": "2024-06-18T20:15:22.622Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T20:04:57.069Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-24-786",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-786/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.papercut.com/kb/Main/SecurityBulletinJune2023/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Trinity Cyber"
          },
          "title": "PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39470",
        "datePublished": "2024-11-22T20:04:57.069Z",
        "dateReserved": "2023-08-02T21:37:23.123Z",
        "dateUpdated": "2024-12-05T14:50:39.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39469 (GCVE-0-2023-39469)

    Vulnerability from cvelistv5 – Published: 2024-05-03 01:59 – Updated: 2024-08-02 18:10
    VLAI
    Title
    PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability
    Summary
    PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    PaperCut NG Affected: 22.0.12
    Create a notification for this product.
    papercut papercut_ng Affected: 22.0.12
        cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-30 20:13
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "papercut_ng",
                "vendor": "papercut",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.0.12"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-06T15:38:33.991469Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:27:06.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1285",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1285/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "NG",
              "vendor": "PaperCut",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.0.12"
                }
              ]
            }
          ],
          "dateAssigned": "2023-08-02T21:44:31.439Z",
          "datePublic": "2023-08-30T20:13:29.538Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T01:59:31.060Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1285",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1285/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Anonymous"
          },
          "title": "PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-39469",
        "datePublished": "2024-05-03T01:59:31.060Z",
        "dateReserved": "2023-08-02T21:37:23.123Z",
        "dateUpdated": "2024-08-02T18:10:20.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27351 (GCVE-0-2023-27351)

    Vulnerability from cvelistv5 – Published: 2023-04-20 00:00 – Updated: 2026-04-21 03:55
    Summary
    This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    PaperCut NG Affected: 22.0.5 (Build 63914)
    Create a notification for this product.
    Credits
    Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:09:43.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27351",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-20T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-04-20",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-21T03:55:37.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-20T00:00:00.000Z",
                "value": "CVE-2023-27351 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NG",
              "vendor": "PaperCut",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.0.5 (Build 63914)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-20T15:35:13.491Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-27351",
        "datePublished": "2023-04-20T00:00:00.000Z",
        "dateReserved": "2023-02-28T00:00:00.000Z",
        "dateUpdated": "2026-04-21T03:55:37.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-27350 (GCVE-0-2023-27350)

    Vulnerability from cvelistv5 – Published: 2023-04-20 00:00 – Updated: 2025-10-21 23:05
    Summary
    This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    PaperCut NG Affected: 22.0.5 (Build 63914)
    Create a notification for this product.
    Credits
    Anonymous
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:09:43.478Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27350",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-22T05:01:04.658436Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-04-21",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27350"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:48.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27350"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-04-21T00:00:00.000Z",
                "value": "CVE-2023-27350 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NG",
              "vendor": "PaperCut",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.0.5 (Build 63914)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Anonymous"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-07T00:00:00.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/"
            },
            {
              "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
            },
            {
              "url": "http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html"
            },
            {
              "url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/"
            },
            {
              "url": "http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-27350",
        "datePublished": "2023-04-20T00:00:00.000Z",
        "dateReserved": "2023-02-28T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:05:48.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }