CVE-2023-27350

Critical 🇺🇸 CISA KEV ⚡ Exploit Available
Published: Apr 21, 2023  ·  Source: CISA_KEV
CVSS v3: 9.0
📄 Description (English)

PaperCut MF/NG Improper Access Control Vulnerability — PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.

🤖 AI Executive Summary

CVE-2023-27350 is a critical authentication bypass vulnerability in PaperCut MF/NG that allows unauthenticated attackers to execute arbitrary code with system privileges. The vulnerability exists in the SetupCompleted class and has active exploits available. This poses an immediate threat to organizations using PaperCut for print management, particularly in Saudi government and enterprise environments.

🤖 AI Intelligence Analysis Analyzed: Apr 19, 2026 20:32
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses severe risk to Saudi government entities, ARAMCO, banking sector, and large enterprises relying on PaperCut for print infrastructure. Government agencies under NCA oversight, SAMA-regulated financial institutions, and healthcare facilities using PaperCut are at critical risk. The authentication bypass enables complete system compromise, potentially affecting document security, financial transactions, and sensitive government communications. Print servers often have elevated network access, making this a high-impact supply chain vulnerability.
🏢 Affected Saudi Sectors
Government, Banking, Healthcare, Energy (ARAMCO), Telecommunications, Education, Large Enterprises
⚖️ Saudi Risk Score (AI)
9.2 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all PaperCut MF/NG instances in your environment and document versions
2. Isolate affected systems from untrusted networks immediately
3. Implement network segmentation to restrict access to PaperCut admin interfaces
4. Enable detailed logging and monitoring of PaperCut services

PATCHING:
1. Apply PaperCut security patches immediately (versions 20.1.7, 21.2.11, 22.0.12, 22.1.11 or later)
2. Verify patch installation by checking version numbers in admin console
3. Restart PaperCut services after patching

COMPENSATING CONTROLS (if patching delayed):
1. Restrict network access to PaperCut admin interfaces (port 9191/9192) to authorized IPs only
2. Implement WAF rules to block suspicious SetupCompleted class requests
3. Deploy IDS/IPS signatures to detect exploitation attempts
4. Require VPN access for all PaperCut administrative functions

DETECTION:
1. Monitor for HTTP POST requests to /api/v1/auth/login without valid credentials
2. Alert on SetupCompleted class instantiation from external sources
3. Track unexpected process execution from PaperCut service accounts
4. Review PaperCut logs for authentication bypass attempts (look for successful logins without credentials)
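
The version check in the PATCHING steps above can be scripted across an inventory. This is an added example, not code from PaperCut or from this page; the fixed-release numbers are the ones listed above, while the tab-separated inventory format, the hostnames, the sample versions and the `classify`/`triage` helpers are assumptions made for the illustration.

```python
import re

# Fixed releases exactly as listed in the PATCHING step on this page,
# keyed by (major, minor) release branch.
FIXED = {(20, 1): (20, 1, 7), (21, 2): (21, 2, 11),
         (22, 0): (22, 0, 12), (22, 1): (22, 1, 11)}
NEWEST_FIX = max(FIXED.values())
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def classify(version_text):
    """Return 'patched', 'below-fix', 'review' or 'unparsed' for one version string."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unparsed"
    version = tuple(int(p) for p in m.groups())
    floor = FIXED.get(version[:2])
    if floor is not None:
        return "patched" if version >= floor else "below-fix"
    # "or later": anything newer than the newest listed fix counts as patched.
    if version > NEWEST_FIX:
        return "patched"
    # Branch with no fixed release listed on the page: needs a manual decision.
    return "review"


def triage(inventory_lines):
    """Map 'host<TAB>version' lines to {host: status}; skips blanks and # comments."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition("\t")
        results[host] = classify(version_text)
    return results


# Constructed sample inventory (hostnames, versions and build number are made up).
SAMPLE = """\
# host\tversion as copied from the admin console
print01.example.internal\t22.0.4 (Build 63639)
print02.example.internal\t21.2.11
print03.example.internal\t23.0.1
print04.example.internal\t19.2.7
print05.example.internal\tunknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE.splitlines()).items():
        print(f"{status:10} {host}")
```

Hosts reported as `review` or `unparsed` are the ones to check by hand against the vendor advisory, since the page lists no fixed release for their branch.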
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Access Control Policy
A.5.2.1 - User Registration and De-registration
A.5.2.2 - User Access Provisioning
A.5.2.3 - Management of Privileged Access Rights
A.5.3.1 - Management of Secret Authentication Information
A.8.2.1 - User Endpoint Devices
A.8.3.1 - Information and Other Assets Associated with Information Processing Facilities
🔵 SAMA CSF
ID.AM-1 - Asset Management
PR.AC-1 - Access Control Policy and Procedures
PR.AC-2 - Physical and Logical Access Controls
PR.AC-3 - Access Enforcement
PR.AC-4 - Access Rights Management
DE.CM-1 - Detection and Analysis
🟡 ISO 27001:2022
5.3 - Segregation of Duties
6.2 - Privileged Access Rights
8.2 - Privileged Access Rights
8.3 - Information Access Restriction
8.4 - Access to Source Code
8.5 - Secure Authentication
🟣 PCI DSS v4.0
Requirement 2 - Default Security Parameters
Requirement 6 - Secure Development and Vulnerability Management
Requirement 7 - Restrict Access to Cardholder Data
Requirement 8 - Identify and Authenticate Access
📦 Affected Products / CPE 1 entries
PaperCut:MF/NG
📊 CVSS Score
9.0 / 10.0 — Critical
📋 Quick Facts
Severity: Critical
CVSS Score: 9.0
EPSS: 94.26%
Exploit: ✓ Yes
Patch: ✓ Yes
CISA KEV: 🇺🇸 Yes
KEV Due Date: 2023-05-12
Published: 2023-04-21
Source Feed: cisa_kev
🇸🇦 Saudi Risk Score
9.2 / 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
kev actively-exploited ransomware