top of page

PaperCut NG Security Bypass (CVE-2023-27350)



Application Details

PaperCut NG is a print management application which provides print job tracking and reporting.


Vulnerability

PaperCut NG allows a remote attacker to bypass security restrictions, caused by improper access control within the SetupCompleted class.


Identification

By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM.

GET /app?service=page/SetupCompleted

Detection

By turning this into a traffic file and matching rule, we are able to detect attempts by unauthenticated attackers to bypass authentication, and execute arbitrary code in the context of SYSTEM.


Coverage

Idappcom has created signature 8023762 along with a traffic file for this vulnerability.


References


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional

Comments


bottom of page