Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-27350
CVE-2023-27350:
PaperCut NG vulnerability analysis and mitigation
Overview
CVE-2023-27350 is a critical authentication bypass vulnerability discovered in PaperCut NG/MF print management software. The vulnerability was first disclosed in March 2023 and affects versions from 8.0.0 through 22.0.8. The flaw exists within the SetupCompleted Java class and allows remote attackers to bypass authentication and execute arbitrary code with SYSTEM-level privileges without requiring any authentication (ZDI Advisory, Rapid7 Blog).
Technical details
The vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The specific flaw exists within the SetupCompleted class where improper access controls allow attackers to bypass authentication. When exploited, the PaperCut server process (pc-app.exe) runs with SYSTEM or root-level privileges, allowing executed commands to run with the same elevated permissions (CISA Advisory, Sophos News).
Impact
The vulnerability allows attackers to gain unauthorized administrative access and execute arbitrary code with SYSTEM-level privileges on affected systems. This can lead to complete system compromise, data exfiltration, and potential deployment of ransomware or other malicious payloads. The education sector has been particularly impacted, with approximately 68% of exposed U.S.-based PaperCut servers being in educational facilities (CISA Advisory).
Mitigation and workarounds
PaperCut has released patches to address this vulnerability. Organizations are strongly advised to upgrade to the latest version immediately. If immediate patching is not possible, organizations should implement network controls such as blocking all inbound traffic from external IP addresses to the web management portal (ports 9191 and 9192 by default) or completely blocking all traffic inbound to the web management portal. Additionally, organizations should ensure their PaperCut servers are not directly accessible from the internet (CISA Advisory).
Community reactions
The vulnerability has garnered significant attention from the cybersecurity community due to its critical nature and active exploitation. CISA added CVE-2023-27350 to their Known Exploited Vulnerabilities (KEV) Catalog on April 21, 2023, requiring federal agencies to patch within specified timeframes. Multiple security firms have published detailed analyses and observed increased exploitation attempts, particularly targeting educational institutions (Sophos News).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management