← Back

CVE-2023-27351

nvd nistnuclei
Published: Apr 20, 2023Modified: Apr 21, 2026CISA KEV

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.

Affected (6)

Papercut
2 products
Papercut Mf
Papercut Ng
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Papercut
Papercut Mf
From 15.0 to 20.1.7
Papercut Mf
From 21.0.0 to 21.2.11
Papercut Mf
From 22.0.0 to 22.0.9
Papercut
Papercut Ng
From 15.0 to 20.1.7
Papercut Ng
From 21.0.0 to 21.2.11
Papercut Ng
From 22.0.0 to 22.0.9

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (5)

Source: zdi-disclosures@trendmicro.com
Vendor Advisory
Source: zdi-disclosures@trendmicro.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.