PaperCut CVE-2023-27350: Critical Unauthenticated Remote Code Execution Vulnerability Exploited in Wild

 About PaperCut:

PaperCut is a widely adopted print management software that allows millions of organizations to streamline and control printing activities. It makes printing easier and more secure. However, recent developments have shed light on a critical security vulnerability, identified as CVE-2023-27350, which poses a significant threat to the integrity and security of PaperCut installations.

This article aims to provide an overview of how the vulnerability is exploited, its potential impact, and steps to mitigate the risk.

 

About CVE-2023-27350:

CVE-2023-27350 affects the PaperCut MF and NG products, which are vulnerable to authentication bypass and arbitrary code execution. The vulnerability has a critical 9.8 score: an unauthenticated attacker can use it to perform RCE on an unpatched PaperCut Application Server. The vulnerability was disclosed in March 2023, and attackers began exploiting it in the wild in mid-April. “The Education Facilities Subsector” became the victim of numerous APT and ransomware attacks.

 

Affected PaperCut Versions:

CVE-2023-27350 affects the following versions:

| PaperCut Products | Affected Versions (all OS platforms) |
|---|---|
| PaperCut MF / PaperCut NG | 8.0.0 to 19.2.7 |
| PaperCut MF / PaperCut NG | 20.0.0 to 20.1.6 |
| PaperCut MF / PaperCut NG | 21.0.0 to 21.2.10 |
| PaperCut MF / PaperCut NG | 22.0.0 to 22.0.8 |

These PaperCut versions allow an attacker to bypass authentication and execute arbitrary commands, so make sure to upgrade to a patched version.


Exploit POCs for PaperCut:

The exploit POC for CVE-2023-27350 scans a PaperCut server to find the server version, status code, and authentication bypass link.

It reports two links. The first is for the setup completed page: http://<ip>:9191/app?service=page/SetupCompleted. The second is for the authentication bypass: http://<ip>:9191/app?service=page/Dashboard.


 


The POC shows the Python script performing the bypass without proper authentication: http://<ip>:9191/app?service=page/Dashboard.
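From the defender's side, the two links above give a pattern to hunt for in web logs: one client requesting the SetupCompleted page and then receiving the Dashboard. The following is an added example, not code from the POC or from PaperCut. It assumes Common Log Format lines from whatever sits in front of port 9191, and the sample lines and IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (an assumption: adapt LINE_RE
# to whatever your reverse proxy or application server actually writes).
SAMPLE_LOG = """\
10.0.0.5 - - [14/Apr/2023:09:01:02 +0000] "GET /app?service=page/Home HTTP/1.1" 200 5120
203.0.113.7 - - [14/Apr/2023:09:03:10 +0000] "GET /app?service=page/SetupCompleted HTTP/1.1" 200 3301
203.0.113.7 - - [14/Apr/2023:09:03:11 +0000] "GET /app?service=page/Dashboard HTTP/1.1" 200 20480
198.51.100.9 - - [14/Apr/2023:09:05:00 +0000] "GET /app?service=page/SetupCompleted HTTP/1.1" 404 0
10.0.0.5 - - [14/Apr/2023:09:06:00 +0000] "GET /app?service=page/Dashboard HTTP/1.1" 200 20480
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def service_page(target):
    """Return the 'service' query parameter of an /app request, else None."""
    parts = urlsplit(target)
    if parts.path != "/app":
        return None
    values = parse_qs(parts.query).get("service")
    return values[0] if values else None

def find_suspects(log_text):
    """Map client IP -> 'probe' (SetupCompleted was requested) or
    'bypass' (SetupCompleted returned 2xx, then Dashboard returned 2xx)."""
    setup_ok = set()   # clients that got a 2xx for SetupCompleted
    verdict = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # skip lines that do not parse
        ip, ok = m["ip"], m["status"].startswith("2")
        page = service_page(m["target"])
        if page == "page/SetupCompleted":
            verdict.setdefault(ip, "probe")
            if ok:
                setup_ok.add(ip)
        elif page == "page/Dashboard" and ok and ip in setup_ok:
            verdict[ip] = "bypass"
    return verdict

if __name__ == "__main__":
    for ip, v in find_suspects(SAMPLE_LOG).items():
        print(ip, v)
```

A client that only opens the Dashboard, like 10.0.0.5 in the sample, is not flagged, because the pattern is the SetupCompleted request that precedes it.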



Mitigation:

Organizations should update their application servers to one of the fixed versions. PaperCut MF/NG 20.1.7, 21.2.11, and 22.0.9 are the patched versions; make sure to upgrade immediately.


Contributed by Sharanu Kalyan
