PaperCut NG Unauthenticated XMLRPC
CVE-2023-4568

6.5MEDIUM

Key Information:

Vendor: PaperCut
Status: PaperCut NG
Vendor: CVE Published:; 13 September 2023

Badges

👾 Exploit Exists🟣 EPSS 83%

Summary

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.

Affected Version(s)

PaperCut NG 0

References

https://www.tenable.com/security/research/tra-2023-31

EPSS Score

83% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
May 21, 2024
👾
Exploit known to exist
May 21, 2024
Vulnerability published
Sep 13, 2023
Vulnerability Reserved
Aug 28, 2023