CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: May 12, 2023

CVE-2023-27350

High

EPSS 94.3%CISA KEVRansomware

Description

PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.

EPSS — Exploit Probability

94.3%

Higher than 99.9% of all CVEs

Required Action

https://www.papercut.com/kb/Main/PO-1216-and-PO-1219; https://nvd.nist.gov/vuln/detail/CVE-2023-27350

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 94.3%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Apr 21, 2023

Added to KEV

Apr 21, 2023

Remediation Due

May 12, 2023

Affected Product

PaperCut

MF/NG

View all PaperCut CVEs

External Links

NVD (NIST)CVE Details MITRE CVE