CVE-2023-27351

CVSS v2.0

8.5

High

AV:N/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions PaperCut NG version 22.0.5 (Build 63914)

Description This issue allows remote attackers to bypass authentication on affected installations. The flaw exists within the SecurityRequestFilter class due to improper implementation of the authentication algorithm. An attacker can leverage this to bypass authentication on the system.

Recommendations For PaperCut NG version 22.0.5 (Build 63914), consider disabling the SecurityRequestFilter class as a temporary workaround until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-287

Related Identifiers

BDU:2023-02276

CVE-2023-27351

ZDI-23-232

Affected Products

Papercut Ng

CVE-2023-27351

Weakness Enumeration

Related Identifiers

Affected Products

References · 20