PaperCut NG Unauthenticated XMLRPC Functionality
Tenable Research Advisories www.tenable.com
Insufficient access controls for XMLRPC operations exist in PaperCut NG. Versions 22.0.12 and earlier are confirmed vulnerable. Later versions may also be affected due to lack of a vendor-supplied patch.
Access to XMLRPC operations in PaperCut NG is controlled by a number of allowed-IP lists. By default, many of these lists (for example, auth.providers.allowed-addresses) are set to a wildcard, which allows an unauthenticated remote attacker to issue XMLRPC calls.
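A small audit helper for the weak-default situation described above, added here as an example; it is not Tenable's proof of concept and not PaperCut's code. It assumes an allowed-addresses value is a comma-separated list whose entries may be "*" (any address), a dotted prefix wildcard such as 10.0.*, a single IP, or a CIDR block; only the key name auth.providers.allowed-addresses comes from the advisory, and the second key and all sample values are constructed. It flags any allowed-addresses key whose value admits every address, and evaluates a given client IP against a list the way a server-side check would, so the open default can be compared directly with a hardened value.

```python
"""Audit allowed-addresses style IP allowlists for wildcard (open) entries.

Constructed example: the value format assumed here is a comma-separated list
of entries, where an entry is "*" (any address), a trailing-".*" prefix
wildcard such as "10.0.*", a single IP, or a CIDR block. Only the key name
auth.providers.allowed-addresses comes from the advisory; the format, the
second key and all sample values are assumptions.
"""
import ipaddress

# Constructed sample config, not a real PaperCut NG configuration dump.
SAMPLE_CONFIG = {
    # Key named in the advisory; "*" is the weak default it describes.
    "auth.providers.allowed-addresses": "*",
    # Hypothetical key showing the hardened shape: one admin host plus a
    # management subnet expressed as a prefix wildcard.
    "hypothetical.service.allowed-addresses": "192.168.1.5, 10.0.*",
}


def parse_allowlist(value):
    """Split a comma-separated allowlist value into trimmed, non-empty entries."""
    return [entry.strip() for entry in value.split(",") if entry.strip()]


def entry_is_open(entry):
    """True if a single entry admits every address ("*", 0.0.0.0/0, ::/0)."""
    if entry == "*":
        return True
    try:
        network = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        # Prefix wildcards like "10.0.*" or hostnames are not open on their own.
        return False
    return network.prefixlen == 0


def allowlist_is_open(value):
    """True if any entry in the allowlist value admits every address."""
    return any(entry_is_open(entry) for entry in parse_allowlist(value))


def address_allowed(value, client_ip):
    """Evaluate the allowlist the way a server-side IP check would:
    does the given client address match any entry?"""
    address = ipaddress.ip_address(client_ip)
    for entry in parse_allowlist(value):
        if entry == "*":
            return True
        if entry.endswith(".*"):
            # Dotted prefix wildcard: "10.0.*" matches anything under "10.0."
            if str(address).startswith(entry[:-1]):
                return True
            continue
        try:
            network = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # unparseable entries are skipped, never treated as a match
        if address in network:
            return True
    return False


def audit_open_allowlists(config):
    """Return {key: value} for every allowed-addresses key that is wide open."""
    return {
        key: value
        for key, value in config.items()
        if key.endswith("allowed-addresses") and allowlist_is_open(value)
    }


if __name__ == "__main__":
    attacker = "203.0.113.9"  # TEST-NET-3 address standing in for a remote host
    for key, value in SAMPLE_CONFIG.items():
        status = "OPEN" if allowlist_is_open(value) else "restricted"
        print(f"{key}: {value!r} -> {status}; "
              f"remote {attacker} allowed={address_allowed(value, attacker)}")
    print("keys needing attention:", sorted(audit_open_allowlists(SAMPLE_CONFIG)))
```

Running the script lists the keys whose allowlist still admits any address; replacing each wildcard with the specific hosts or subnets that legitimately need XMLRPC access is the configuration-side mitigation while no vendor patch exists. Note that an IP allowlist only narrows who can reach the endpoint; it does not add authentication, so anything on an allowed network still gets the unauthenticated access the advisory describes.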
Proof of Concept
// Add a printer; …