CVE-2023-27351: PaperCut NG/MF Improper Authentication Vulnerability
Summary
A critical improper authentication vulnerability (CVE-2023-27351) has been identified in PaperCut NG/MF. This flaw allows remote attackers to bypass authentication mechanisms through the SecurityRequestFilter class. Federal agencies have a deadline to apply mitigations or discontinue use.
IFF Assessment
This vulnerability allows remote attackers to bypass authentication, a critical security control, and so poses a significant risk to affected systems.
Severity
The CVSS score is estimated from the description: an improper authentication vulnerability that allows remote attackers to bypass authentication, which indicates high severity with potential for significant impact on confidentiality, integrity, and availability.
CISA KEV: Listed as actively exploited. Federal patch due: May 04, 2026. Known ransomware use: Unknown.
Defender Context
This vulnerability in PaperCut NG/MF presents a high-risk entry point for attackers, as it allows for authentication bypass. Defenders must prioritize applying vendor-provided mitigations or consider alternative solutions if immediate patching is not feasible, especially given the potential for this to be leveraged in ransomware attacks.