What is CVE-2023-4568?

CVE-2023-4568 is a medium-severity vulnerability in Papercut Ng, classified under Improper Authentication. CVSS score: 6.5/10. Published 2023-09-13.

How severe is CVE-2023-4568?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2023-4568 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Papercut Ng

CVE-2023-4568

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.

Vulnerability class: Broken Authentication

EPSS: 0.782 (99.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Papercut Ng — versions 0

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

References

www.tenable.com/security/research/tra-2023-31

Frequently asked questions

What is CVE-2023-4568?: CVE-2023-4568 is a medium-severity vulnerability in Papercut Ng, classified under Improper Authentication. CVSS score: 6.5/10. Published 2023-09-13.
How severe is CVE-2023-4568?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2023-4568 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.