CVE-2023-27350: PaperCut MF/NG Improper Access Control Vulnerability

Source: CISA Known Exploited Vulnerabilities catalog · back to feed

Vendor / product

PaperCut · MF/NG

Date added (KEV): Apr 21, 2023
CISA due date: May 12, 2023
Ransomware campaign use: Known

Required action

Apply updates per vendor instructions.

Vendor fix: Vendor advisory

Scorifya interpretation

AI-generated

A short, structured read of the record above — generated when this page first loads, then cached for a week.

Plain English

Technical detail

From CISA

PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.

https://www.papercut.com/kb/Main/PO-1216-and-PO-1219; https://nvd.nist.gov/vuln/detail/CVE-2023-27350

References

https://www.papercut.com/kb/Main/PO-1216-and-PO-1219Vendor Advisory
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219Vendor Advisory
http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.htmlThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.htmlExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html

Other recent CVEs from PaperCut

CVE-2023-27351NG/MF — PaperCut NG/MF Improper Authentication Vulnerability
CVE-2023-2533NG/MF — PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability

Check your domain's public posture

Scorifya doesn't test for specific CVEs, but if patching PaperCut changed your headers or TLS, a fresh hardening scan helps confirm nothing regressed externally.

Run a free scan Methodology