CVE-2023-27351
KEV
🔴 Łataj teraz
Obejście uwierzytelnienia w PaperCut NG umożliwia zdalnym atakującym dostęp bez hasła.
CVSS
7.5
EPSS
86.1%
Exploit
weaponized
Vendor
papercut
Opis źródłowy (NVD)
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
auth-bypass
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.5 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 86.1% |
| Opublikowano (NVD) | 2023-04-20 16:15:07 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-21 12:48:26 UTC |
Referencje
- https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 (zdi-disclosures@trendmicro.com) [Vendor Advisory]
- https://www.zerodayinitiative.com/advisories/ZDI-23-232/ (zdi-disclosures@trendmicro.com) [Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]