Cyber Resilience

CVE-2023-27351

HighCISA KEVActive ExploitationEUVD ExploitedRansomware-linked

Published: 20 April 2023

Published
20 April 2023
Modified
21 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.6564 98.5th percentile
Risk Priority 74 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-27351 is a high-severity Improper Authentication (CWE-287) vulnerability in Papercut Papercut Mf. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 1.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2023-27351 is an authentication bypass vulnerability affecting PaperCut NG version 22.0.5 (Build 63914). The flaw resides in the SecurityRequestFilter class and stems from improper implementation of the authentication algorithm, enabling remote attackers to circumvent authentication controls entirely. It carries a CVSS 3.1 score of 7.5 and is tracked under CWE-287.

Unauthenticated attackers can exploit the issue over the network to bypass login mechanisms and obtain unauthorized access to the affected system, resulting in high-impact disclosure of sensitive information.

PaperCut knowledge base articles PO-1216 and PO-1219, along with the corresponding Zero Day Initiative advisory ZDI-23-232, outline mitigation steps including available patches, while CISA lists the CVE in its known exploited vulnerabilities catalog.

The associated EPSS score reached a peak of 0.8773 before receding to its current value of 0.6564, and the CISA entry confirms observed exploitation activity in real-world environments.

EU & UK References

Vulnerability details

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of…

more

the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.

CWE(s)
KEV Date Added
See CISA KEV catalog

Related Threats

Threat-Actor AttributionAI

Cl0p
Cl0p ransomware exploited PaperCut NG auth bypass CVE-2023-27351 (CISA KEV + Mandiant/Unit42 reporting).

Affected Assets

papercut
papercut mf
15.0 — 20.1.7 · 21.0.0 — 21.2.11 · 22.0.0 — 22.0.9
papercut
papercut ng
15.0 — 20.1.7 · 21.0.0 — 21.2.11 · 22.0.0 — 22.0.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authentication decisions before granting access, blocking the improper algorithm bypass in SecurityRequestFilter.

prevent

Requires reliable identification and authentication of users before system access, directly countering the CWE-287 flaw that allows unauthenticated entry.

prevent

Mandates timely remediation of known software flaws such as the reported authentication bypass in PaperCut NG 22.0.5.

References