Horizon3.ai Chief Architect Naveen Sunkavally has just published “Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability,” a deep dive into the technical details behind a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software, and brute force explanation. The vuln can be exploited to download and delete arbitrary files, and in certain configurations upload files, leading to remote code execution.
Naveen notes that the vuln is “something that a patient determined attacker may choose to exploit in certain targeted scenarios and an interesting case study of how a bunch of seemingly minor issues can be chained together to achieve total compromise.”
The deep dive details brute forcing, and notes that CVE-2023-39143 is made possible by a series of seemingly minor issues:
- Weak authentication to the WebDAV endpoint
- Lack of rate limiting of authentication attempts to the WebDAV endpoint
- Not limiting HTTP methods invoked over WebDAV
- Path traversal in the third party net.sf.webdav package
- Path traversal in the CustomReportExample servlet
- Using UUIDs to authenticate a site server to a PaperCut server
- Hardcoded credentials to access the External Device XMLRPC API
PaperCut users exposing it to the Internet that haven’t yet updated to 22.1.3+ are urged to do so, and the deep dive also recommends mitigation steps if upgrading is not immediately possible.
Horizon3.ai Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability: https://www.horizon3.ai/writeup-for-cve-2023-39143-papercut-webdav-vulnerability/
Horizon3.ai August 4, 2023 Advisory: CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability: https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/
PaperCut NG/MF Security Bulletin (July 2023): https://www.papercut.com/kb/Main/securitybulletinjuly2023/
Like this:
Like Loading...
Related
This entry was posted on January 13, 2024 at 8:55 am and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
PaperCut Vulnerability Deep Dive: Seemingly Minor Issues When Chained Together Enable Pwnage Says Horizon3.ai
Horizon3.ai Chief Architect Naveen Sunkavally has just published “Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability,” a deep dive into the technical details behind a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software, and brute force explanation. The vuln can be exploited to download and delete arbitrary files, and in certain configurations upload files, leading to remote code execution.
Naveen notes that the vuln is “something that a patient determined attacker may choose to exploit in certain targeted scenarios and an interesting case study of how a bunch of seemingly minor issues can be chained together to achieve total compromise.”
The deep dive details brute forcing, and notes that CVE-2023-39143 is made possible by a series of seemingly minor issues:
PaperCut users exposing it to the Internet that haven’t yet updated to 22.1.3+ are urged to do so, and the deep dive also recommends mitigation steps if upgrading is not immediately possible.
Horizon3.ai Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability: https://www.horizon3.ai/writeup-for-cve-2023-39143-papercut-webdav-vulnerability/
Horizon3.ai August 4, 2023 Advisory: CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability: https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/
PaperCut NG/MF Security Bulletin (July 2023): https://www.papercut.com/kb/Main/securitybulletinjuly2023/
Share this:
Like this:
Related
This entry was posted on January 13, 2024 at 8:55 am and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.