VulnCheck tracks initial access vulnerabilities, remote code execution vulnerabilities that do not require authentication, and authors detection artifacts to help organizations defend against weaponized exploits for those vulnerabilities. VulnCheck Initial Access Intelligence provides these detection artifacts in timely manner, to help organizations author detections and defend themselves, during the unclear times of recent disclosures.
When new vulnerabilities, like CVE-2023-27350 (PaperCut) are disclosed, VulnCheck researchers examine the potential use of that vulnerability in Internet-wide attacks.
In mid-April, attackers began exploiting a vulnerability in PaperCut NG and MF. The exploited vulnerability would later be assigned CVE-2023-27350. Multiple security organizations have published exploit detections and indicators of compromise that assume attackers are executing code through PaperCut’s built-in scripting interface. However, VulnCheck researchers have found a proof-of-concept exploit that bypasses all published detections from Huntress, Horizon3.ai, Emerging Threats and Microsoft. To learn more, see VulnCheck's blog: PaperCut Exploitation - A Different Path to Code Execution.
To check what detection artifacts are available for PaperCut CVE-2023-27350, simply check VulnCheck Initial Access Intelligence via: (https://api.vulncheck.com/v3/index/initial-access?cve=CVE-2023-27350).
curl --request GET \
--url https://api.vulncheck.com/v3/index/initial-access?cve=CVE-2023-27350 \
--header 'Accept: application/json' \
--header 'Authorization: Bearer insert_token_here'
package main
import (
"encoding/json"
"fmt"
"log"
"github.com/vulncheck-oss/sdk-go"
)
func main() {
client := sdk.Connect("https://api.vulncheck.com", "insert_token_here")
response, err := client.GetIndexInitialAccess(sdk.IndexQueryParameters{
Cve: "CVE-2023-27350",
})
if err != nil {
panic(err)
}
prettyJSON, err := json.MarshalIndent(response.Data, "", " ")
if err != nil {
log.Fatalf("Failed to generate JSON: %v", err)
return
}
fmt.Println(string(prettyJSON))
}
import vulncheck_sdk
configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
configuration.api_key["Bearer"] = "insert_token_here"
with vulncheck_sdk.ApiClient(configuration) as api_client:
indices_client = vulncheck_sdk.IndicesApi(api_client)
api_response = indices_client.index_initial_access_get(cve="CVE-2023-27350")
print(api_response.data)
vulncheck index browse initial-access --cve CVE-2023-27350
That will result in a response like:
// 20250225121948
// https://api.vulncheck.com/v3/index/initial-access?cve=CVE-2023-27350
{
"_benchmark": 0.056493,
"_meta": {
"timestamp": "2025-02-25T17:19:48.644136064Z",
"index": "initial-access",
"limit": 100,
"total_documents": 1,
"sort": "_id",
"parameters": [
{
"name": "cve",
"format": "^CVE-\\d{4}-\\d{4,7}$"
},
{
"name": "alias"
},
{
"name": "iava",
"format": "(?i)^\\d{4}[a-z0-9-]+$"
},
{
"name": "jvndb",
"format": "(?i)^JVNDB-\\d{4}-\\d{6}$"
},
{
"name": "ilvn",
"format": "(?i)^ILVN-\\d{4}-\\d{4}$"
},
{
"name": "threat_actor"
},
{
"name": "mitre_id"
},
{
"name": "misp_id"
},
{
"name": "ransomware"
},
{
"name": "botnet"
},
{
"name": "published"
},
{
"name": "updatedAtStartDate",
"format": "YYYY-MM-DD"
},
{
"name": "updatedAtEndDate",
"format": "YYYY-MM-DD"
},
{
"name": "lastModStartDate",
"format": "YYYY-MM-DD"
},
{
"name": "lastModEndDate",
"format": "YYYY-MM-DD"
},
{
"name": "pubStartDate",
"format": "YYYY-MM-DD"
},
{
"name": "pubEndDate",
"format": "YYYY-MM-DD"
}
],
"order": "desc",
"page": 1,
"total_pages": 1,
"max_pages": 6,
"first_item": 1,
"last_item": 1
},
"data": [
{
"cve": "CVE-2023-27350",
"inKEV": true,
"inVCKEV": true,
"vulnerable_cpes": [
"cpe:2.3:a:papercut:papercut_mf:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:10.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:10.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:10.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:10.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:10.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:11.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:11.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:11.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:11.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:11.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:12.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:12.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:12.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:12.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:13.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:13.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:13.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:13.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:14.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:14.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:14.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:14.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:15.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:15.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:15.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:15.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:16.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:16.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:16.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:16.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:17.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.3.8:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:18.3.9:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:19.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:20.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:21.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:22.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:22.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:22.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:22.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:22.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:22.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:22.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:22.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:22.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:8.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:9.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:9.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:9.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:9.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:9.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_mf:9.8:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:10.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:10.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:10.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:10.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:10.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:10.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:11.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:11.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:11.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:11.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:11.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:12.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:12.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:12.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:12.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:13.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:13.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:13.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:13.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:14.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:14.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:14.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:14.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:15.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:15.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:15.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:15.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:16.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:16.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:16.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:16.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:16.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:17.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.3.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.3.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.3.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.3.8:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:18.3.9:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:19.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:20.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:20.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:20.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:20.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:20.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:20.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:20.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:20.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:20.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:20.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:21.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:22.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:22.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:22.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:22.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:22.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:22.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:22.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:8.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:8.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:8.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:9.3:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:9.4:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:9.5:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:9.6:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:9.7:*:*:*:*:*:*:*",
"cpe:2.3:a:papercut:papercut_ng:9.8:*:*:*:*:*:*:*"
],
"artifacts": [
{
"vendor": "PaperCut",
"targetEncryptedComms": "either",
"mitreAttackTechniques": [
"T1190"
],
"product": [
"PaperCut NG",
"PaperCut MF"
],
"dateAdded": "2023-04-24T00:00:00Z",
"artifactName": "PaperCut NG/MF Authentication Bypass and Code Execution",
"exploit": true,
"versionScanner": true,
"pcap": true,
"suricataRule": true,
"snortRule": true,
"yara": false,
"nmapScript": false,
"zeroday": false,
"targetService": "HTTP",
"targetDocker": false,
"googleQueries": [
"https://www.google.com/search?q=intitle%3A%22PaperCut+Login%22"
],
"googleRawQueries": [
"intitle:\"PaperCut Login\""
],
"baiduQueries": [
],
"baiduRawQueries": [
],
"shodanQueries": [
"https://www.shodan.io/search?query=html%3A%22is+a+print+management+system.+Log+in+to+manage+your+print+quotas%22+%2BJSESSIONID+%2Bhttp.favicon.hash%3A-1142586156"
],
"censysQueries": [
"https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=same_service%28services.http.response.body%3A%22is+a+print+management+system.+Log+in+to+manage+your+print+quotas%22+and+services.http.response.favicons.md5_hash%3D%224764ad78b4c0d93bc48d4d0df3b36c7e%22%29"
],
"greynoiseQueries": [
"https://viz.greynoise.io/tag/papercut-authentication-bypass-check",
"https://viz.greynoise.io/tag/papercut-rce-attempt"
],
"fofaQueries": [
"https://en.fofa.info/result?qbase64=Ym9keT0iaXMgYSBwcmludCBtYW5hZ2VtZW50IHN5c3RlbS4gTG9nIGluIHRvIG1hbmFnZSB5b3VyIHByaW50IHF1b3RhcyIgJiYgaGVhZGVyPSJKU0VTU0lPTklEIiAmJiBpY29uX2hhc2g9Ii0xMTQyNTg2MTU2Ig%3D%3D"
],
"fofaRawQueries": [
"body=\"is a print management system. Log in to manage your print quotas\" && header=\"JSESSIONID\" && icon_hash=\"-1142586156\""
],
"zoomEyeQueries": [
"https://www.zoomeye.ai/searchResult?q=aHR0cC5ib2R5PSJpcyBhIHByaW50IG1hbmFnZW1lbnQgc3lzdGVtLiBMb2cgaW4gdG8gbWFuYWdlIHlvdXIgcHJpbnQgcXVvdGFzIiAmJiBodHRwLmhlYWRlcj0iSlNFU1NJT05JRCIgJiYgaWNvbmhhc2g9Ii0xMTQyNTg2MTU2Ig%3D%3D"
],
"zoomEyeRawQueries": [
"http.body=\"is a print management system. Log in to manage your print quotas\" && http.header=\"JSESSIONID\" && iconhash=\"-1142586156\""
],
"shodanRawQueries": [
"html:\"is a print management system. Log in to manage your print quotas\" +JSESSIONID +http.favicon.hash:-1142586156"
],
"censysRawQueries": [
"same_service(services.http.response.body:\"is a print management system. Log in to manage your print quotas\" and services.http.response.favicons.md5_hash=\"4764ad78b4c0d93bc48d4d0df3b36c7e\")"
],
"cloneSSHURL": "git@git.vulncheck.com:vulncheck/initial-access.git"
}
],
"_timestamp": "2025-02-04T20:22:17.598643Z"
}
]
}