CVE-2023-4568

Name of the Vulnerable Software and Affected Versions PaperCut NG versions 22.0.12 and below

Description The issue is related to the implementation of the XML-RPC protocol in PaperCut NG, which has weaknesses in its authentication procedure. This can allow a remote attacker to execute arbitrary commands. PaperCut NG allows unauthenticated XML-RPC commands to be run by default.

Recommendations For versions 22.0.12 and below, consider disabling the XML-RPC functionality until a patch is available. Restrict access to the XML-RPC interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.