PaperCut NG Unauthenticated XMLRPC
CVE-2023-4568

6.5MEDIUM

Key Information:

Vendor: PaperCut
Status: PaperCut NG
Vendor: CVE Published:; 13 September 2023

Badges

👾 Exploit Exists

What is CVE-2023-4568?

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.

Affected Version(s)

PaperCut NG 0

References

https://www.tenable.com/security/research/tra-2023-31

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 21, 2024
👾
Exploit known to exist
May 21, 2024
Vulnerability published
Sep 13, 2023
Vulnerability Reserved
Aug 28, 2023

CVE-2023-4568 Data

JSON