CVE-2023-27350CISA KEV: Actively Exploited

PaperCut MF/NG Improper Access Control Vulnerability

Published Apr 21, 2023·Updated Apr 21, 2023

Description

PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.

Public Exploits & PoCs11 found

PoC: CVE-2023-27350

Proof of Concept Exploit for PaperCut CVE-2023-27350

4

PoC: CVE-2023-27350

Perfom With Massive Authentication Bypass In PaperCut MF/NG

1

PoC: PaperCut-Authentication_Bypass_and_RCE

This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.

PoC: CVE-2023-27350

PaperCut NG/MG Authentication Bypass and Remote Code Execution (RCE) Exploit Tool. A standalone Bash implementation of the PaperCut exploit chain, featuring optional proxy support, automated session elevation, and dynamic command injection via the print scripting engine. Designed for security auditing and authorized penetration testing.

PoC: CVE-2023-27350

Papercut Vulnerability, Affected Versions are PaperCut MF or NG version 8.0 or later (excluding patched versions) on all OS platforms.

PoC: CVE-2023-27350-PoC

PoC for CVE-2023-27350

PoC: CVE-2023-27350

Unauthenticated remote command execution in Papercut service allows an attacker to execute commands due to improper access controls in the SetupCompleted Java class.

PoC: PaperCut

CVE-2023-27350. PaperCut - Unauthenticated Remote Code Execution

PoC: CVE-2023-27350

Python 2.7

PoC: CVE-2023-27350

Exploit for Papercut CVE-2023-27350. [+] Reverse shell [+] Mass checking

PoC: CVE-2023-27350-POC

A simple python script to check if a service is vulnerable

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free