CVE-2023-27350 (GCVE-0-2023-27350)
Vulnerability from cvelistv5 – Published: 2023-04-20 00:00 – Updated: 2025-10-21 23:05- CWE-284 - Improper Access Control
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-284 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | MF/NG |
| Due Date | 2023-05-12 |
| Date Added | 2023-04-21 |
| Vendorproject | PaperCut |
| Vulnerabilityname | PaperCut MF/NG Improper Access Control Vulnerability |
| Knownransomwarecampaignuse | Known |
References
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Characteristics
Timestamps
Scope
Evidence
Type: Honeypot
Signal: In The Wild Attempts
Confidence: 70%
Source: shadowserver
Details
| 1D | 1 |
|---|---|
| Iot | no |
| Feed | Shadowserver Foundation honeypot/exploited-vulnerabilities |
| Type | http-scan |
| Class | device-management-platform |
| 7D Avg | 0 |
| Vendor | PaperCut |
| 30D Avg | 5 |
| 90D Avg | 3 |
| Product | PaperCut MF/NG |
| Cisa Kev | yes |
| Connections | 6 |
| Observation Date | 2026-07-04 |
| Vulnerability Class | CVSS |
| Vulnerability Score | 9.8 |
| Vulnerability Severity | Critical |
References
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Public Report
Signal: Confirmed Compromise
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication... |
| Vendor | PaperCut |
| Product | NG |
| Added Date | 2023-04-21T00:00:00.000Z |
| Cvss Score | 9.8 |
| Epss Score | 0.99999 |
| Cvss Severity | CRITICAL |
| Epss Percentile | 0.99991 |
| Used In Malware | yes |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27350",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:01:04.658436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-04-21",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27350"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:48.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27350"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-21T00:00:00.000Z",
"value": "CVE-2023-27350 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NG",
"vendor": "PaperCut",
"versions": [
{
"status": "affected",
"version": "22.0.5 (Build 63914)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-07T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-233/"
},
{
"url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
},
{
"url": "http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html"
},
{
"url": "https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/"
},
{
"url": "http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-27350",
"datePublished": "2023-04-20T00:00:00.000Z",
"dateReserved": "2023-02-28T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:48.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-27350",
"cwes": "[\"CWE-284\"]",
"dateAdded": "2023-04-21",
"dueDate": "2023-05-12",
"knownRansomwareCampaignUse": "Known",
"notes": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219; https://nvd.nist.gov/vuln/detail/CVE-2023-27350",
"product": "MF/NG",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.",
"vendorProject": "PaperCut",
"vulnerabilityName": "PaperCut MF/NG Improper Access Control Vulnerability"
},
"epss": {
"cve": "CVE-2023-27350",
"date": "2026-07-05",
"epss": "0.99999",
"percentile": "0.99991"
},
"fkie_nvd": {
"cisaActionDue": "2023-05-12",
"cisaExploitAdd": "2023-04-21",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "PaperCut MF/NG Improper Access Control Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"20.1.7\", \"matchCriteriaId\": \"0D42B6B6-D35D-4CCD-BB11-B06658BA1959\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"21.0.0\", \"versionEndExcluding\": \"21.2.11\", \"matchCriteriaId\": \"7D231C34-F58C-4CA1-B158-64778AC17991\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"22.0.0\", \"versionEndExcluding\": \"22.0.9\", \"matchCriteriaId\": \"A326E88D-635E-4AC1-B5CE-455306FC9D55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"20.1.7\", \"matchCriteriaId\": \"ECE9BB0C-3650-46F4-A0D4-EAAF15E368D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"21.0.0\", \"versionEndExcluding\": \"21.2.11\", \"matchCriteriaId\": \"4DE19845-02F0-4BB9-BECB-49B34FACB55D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"22.0.0\", \"versionEndExcluding\": \"22.0.9\", \"matchCriteriaId\": \"C1852E7B-0B3F-4208-A26E-CB117E0C0CD8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.\"}]",
"id": "CVE-2023-27350",
"lastModified": "2024-11-21T07:52:42.880",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2023-04-20T16:15:07.653",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-233/\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-233/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-27350\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2023-04-20T16:15:07.653\",\"lastModified\":\"2026-06-17T05:44:50.950\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.\"}],\"affected\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"affectedData\":[{\"vendor\":\"PaperCut\",\"product\":\"NG\",\"versions\":[{\"version\":\"22.0.5 (Build 63914)\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2023-12-22T05:01:04.658436Z\",\"id\":\"CVE-2023-27350\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2023-04-21\",\"cisaActionDue\":\"2023-05-12\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"PaperCut MF/NG Improper Access Control Vulnerability\",\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"20.1.7\",\"matchCriteriaId\":\"E225189C-FF05-402B-A8F6-6BCC8D062B8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"21.0.0\",\"versionEndExcluding\":\"21.2.11\",\"matchCriteriaId\":\"7D231C34-F58C-4CA1-B158-64778AC17991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"22.0.0\",\"versionEndExcluding\":\"22.0.9\",\"matchCriteriaId\":\"A326E88D-635E-4AC1-B5CE-455306FC9D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"20.1.7\",\"matchCriteriaId\":\"7F5D942B-C055-4221-8FD7-3F0F252931E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"21.0.0\",\"versionEndExcluding\":\"21.2.11\",\"matchCriteriaId\":\"4DE19845-02F0-4BB9-BECB-49B34FACB55D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"22.0.0\",\"versionEndExcluding\":\"22.0.9\",\"matchCriteriaId\":\"C1852E7B-0B3F-4208-A26E-CB117E0C0CD8\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-23-233/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-23-233/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27350\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-233/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:09:43.478Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-27350\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-22T05:01:04.658436Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-04-21\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27350\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-04-21T00:00:00.000Z\", \"value\": \"CVE-2023-27350 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27350\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T16:31:28.721Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Anonymous\"}], \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"PaperCut\", \"product\": \"NG\", \"versions\": [{\"status\": \"affected\", \"version\": \"22.0.5 (Build 63914)\"}]}], \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-233/\"}, {\"url\": \"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219\"}, {\"url\": \"http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html\"}, {\"url\": \"http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html\"}, {\"url\": \"https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/\"}, {\"url\": \"http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html\"}, {\"url\": \"http://packetstormsecurity.com/files/172780/PaperCut-PaperCutNG-Authentication-Bypass.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"shortName\": \"zdi\", \"dateUpdated\": \"2023-06-07T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-27350\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:48.700Z\", \"dateReserved\": \"2023-02-28T00:00:00.000Z\", \"assignerOrgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"datePublished\": \"2023-04-20T00:00:00.000Z\", \"assignerShortName\": \"zdi\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.