Intrusion PreventionPaperCut.NG.SetupCompleted.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in PaperCut NG.
This vulnerability is due to improper access control in the vulnerable application. An unauthenticated, remote attacker may be able to exploit this via a crafted request. Successful exploitation could lead to arbitrary code execution within the security context of the affected system.
Outbreak Alert
An unauthenticated attacker can perform a Remote Code Execution (RCE) on a vulnerable PaperCut Application Server. According to the vendor, the specific flaw exists within the SetupCompleted class and could be achieved remotely without authentication. PaperCut MF/NG Improper Access Control Vulnerability (CVE-2023-27350) has been seen exploited in the wild.
Affected Products
PaperCut MF or NG version 8.0 or later
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-06-22 | 24.587 | Sig Added |
| 2023-05-25 | 23.562 | Sig Added |
| 2023-05-16 | 23.555 | Sig Added |
| 2023-05-08 | 23.548 | Default_action:pass:drop |
| 2023-04-26 | 23.541 |
| ID | 52900 |
| Created | Apr 25, 2023 |
| Updated | Jun 21, 2023 |
| Outbreak Alert | PaperCut RCE |
| Threat Signal | View Report |
| Risk |
|
| CVE ID | CVE-2023-27350 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.2% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Other |