top of page

PaperCut NG Security Bypass (CVE-2023-27350)

Application Details

PaperCut NG is a print management application which provides print job tracking and reporting.


PaperCut NG allows a remote attacker to bypass security restrictions, caused by improper access control within the SetupCompleted class.


By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM.

GET /app?service=page/SetupCompleted


By turning this into a traffic file and matching rule, we are able to detect attempts by unauthenticated attackers to bypass authentication, and execute arbitrary code in the context of SYSTEM.


Idappcom has created signature 8023762 along with a traffic file for this vulnerability.


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here:


bottom of page