CVE-2023-27351

Published Apr 20, 2023

Last updated a day ago

CVSS high 7.5
OT

Overview

Description
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
Source
zdi-disclosures@trendmicro.com
NVD status
Analyzed
Products
papercut_mf, papercut_ng

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

CVSS 3.0

Type
Secondary
Base score
8.2
Impact score
4.2
Exploitability score
3.9
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Severity
HIGH

Weaknesses

zdi-disclosures@trendmicro.com
CWE-287

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

4

  1. CISA added 8 new vulnerabilities to KEV, including 3 in Cisco Catalyst SD-WAN Manager, and PaperCut CVE-2023-27351 (score 8.2), with active exploitation reported. Stay protected! https://t.co/W3naOtWo4g

    @technoholic_me

    22 Apr 2026

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Alerte CISA : Exploitation Active de la Vulnérabilité PaperCut CVE-2023-27351 – Correctif Urgent Requis avant le 4 Mai 2026 (zoneantimalware..com) https://t.co/bmYTB8wNnd

    @NicolasCoolman

    22 Apr 2026

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログが更新。4件についてランサムウェアによる悪用を確認。対象はPaperCut NG/MFのCVE-2023-27351、TeamCityのCVE-2024-27199、Exchange Sevr

    @__kokumoto

    21 Apr 2026

    1024 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    1 Reply

    1 Quote

  4. TRC analysis shows attackers exploiting CVE-2023-27351 in PaperCut servers to bypass authentication, then escalating privileges and moving laterally across networks. Runtime segmentation can help contain these post-compromise attack chains. #Vulnerability 🔗 Full TRC analysis:

    @aviatrixtrc

    21 Apr 2026

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CISAが既知の悪用された脆弱性8件をカタログに追加 https://t.co/pNkjqAkOwD CVE-2023-27351 PaperCut NG/MF 認証エラーの脆弱性 CVE-2024-27199 JetBrains TeamCity 相対パストラバーサル脆弱性 CVE-2025-2749 Kentico Xperienceのパストラバー

    @cybersecnews_jp

    21 Apr 2026

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  6. Warning: Authentication bypass vulnerability in #PaperCut NG . #CVE-2023-27351 CVSS: 7.5. This vulnerability is #actively exploited and now on the #KEV list! #Patch #Patch #Patch

    @CCBalert

    21 Apr 2026

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🔒 #CyberSecurity CVE-2023-27351: PaperCut RCE and Cisco SD-WAN Flaws Added to CISA KEV "CISA flags CVE-2023-27351 in PaperCut as actively exploited. Federal agencies…" 🔗 https://t.co/8cPj8AZuSl #CyberSecurity #ThreatIntel #penetrationtesting #redteam #offensivesecurit

    @SecurityAr58409

    21 Apr 2026

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-27351 #PaperCut #NG/MF Improper Authentication Vulnerability https://t.co/UFtjeLoCVV

    @ScyScan

    21 Apr 2026

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CISAが既知の悪用された脆弱性8件をカタログに追加 CISA Adds Eight Known Exploited Vulnerabilities to Catalog #CISA (Apr 20) CVE-2023-27351 PaperCut NG/MF 認証エラーの脆弱性 CVE-2024-27199 JetBrains TeamCity 相対パストラバーサル脆弱性 C

    @foxbook

    21 Apr 2026

    376 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 BREAKING: CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including CVE-2023-27351 and CVE-2024-27199, due to active exploitation. Stay vigilant and update systems promptly. #NerdieNews #CyberSecurity #BreakingNews #InfoSec #Cisco htt

    @NewsNerdie

    20 Apr 2026

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 CVE-2023-27351 - high 🚨 PaperCut NG - Authentication Bypass > This vulnerability allows remote attackers to bypass authentication on affected insta... 👾 https://t.co/PmaHA1k0Se @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    26 Dec 2025

    147 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2021-27876 (Veritas Veritas..) +273.78% - CVE-2022-24521 (CLFS..) +238.29% - CVE-2021-27878 (Veritas Veritas..) +163.49% - CVE-2023-27351 (PaperCut Applic..) +95.65% - CVE-2023-20269 (ASA..) +82.95%

    @DefusedCyber

    22 Nov 2025

    2032 Impressions

    1 Retweet

    12 Likes

    5 Bookmarks

    1 Reply

    1 Quote

Configurations

Related CVEs

  1. The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an  attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.CVE-2026-5115
  2. Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires an active login session).CVE-2026-4794
  3. telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.CVE-2026-32746
  4. A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.CVE-2026-20128
  5. Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor VulnerabilityCVE-2026-20133

References

Sources include official advisories and independent security research.