Application Details
PaperCut NG is a print management application which provides print job tracking and reporting.
Vulnerability
PaperCut NG allows a remote attacker to bypass security restrictions, caused by improper access control within the SetupCompleted class.
Identification
By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM.
GET /app?service=page/SetupCompleted
Detection
By turning this into a traffic file and matching rule, we are able to detect attempts by unauthenticated attackers to bypass authentication, and execute arbitrary code in the context of SYSTEM.
Coverage
Idappcom has created signature 8023762 along with a traffic file for this vulnerability.
References
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional
Comments