PaperCut NG/MF Improper Authentication Vulnerability
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
Quick answer
PaperCut NG/MF should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- Review vendor advisory for affected versions.
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
Treat CVE-2023-27351 as an actively exploited PaperCut NG/MF authentication bypass risk. PaperCut states that affected MF/NG versions include older 15.x-19.2.7, 20.0.0-20.1.6, 21.0.0-21.2.10, and 22.0.0-22.0.8 ranges, and that fixed versions include 20.1.7, 21.2.11, and 22.0.9 or later. Patch Application Servers and Site Servers immediately, especially internet-facing systems. Because CISA and the local record mark exploitation as known, investigate for compromise before considering the issue closed.
- Inventory every PaperCut MF and NG Application Server, Site Server, public admin URL, print server, and proxy path.
- Identify affected PaperCut versions in the 15.0.0-19.2.7, 20.0.0-20.1.6, 21.0.0-21.2.10, and 22.0.0-22.0.8 ranges.
- Upgrade affected systems to PaperCut 20.1.7, 21.2.11, 22.0.9, or a later supported fixed release.
- Restrict PaperCut administrative and application endpoints to trusted administrator networks or VPN until patching is verified.
- Review PaperCut application logs, server logs, print job activity, admin accounts, integrations, and scheduled tasks for suspicious changes.
- Follow PaperCut incident response guidance if exploitation indicators are found, including preserving logs and evidence.
- Rotate PaperCut administrator credentials, service credentials, and integration secrets if unauthorized access is suspected.
- Rebuild or restore from trusted backups if persistence or unauthorized code execution is identified.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm every PaperCut MF/NG Application Server and Site Server reports 20.1.7, 21.2.11, 22.0.9, or later.
- Confirm PaperCut admin and application endpoints are not directly exposed to untrusted networks unless explicitly required and protected.
- Confirm vulnerability management no longer flags CVE-2023-27351 on PaperCut hosts.
- Review post-upgrade logs for continued authentication bypass attempts or unexpected admin activity.
- Run a Fixnx scan against public PaperCut hostnames to verify exposure was reduced.
Related categories
Trusted references
FAQ
What is affected by CVE-2023-27351?
PaperCut NG/MF should be checked against the vendor advisory and trusted references linked on this page.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
