The earliest exploitation attempt was found to have been initiated by Lockbit. Which threat actors are exploiting the Papercut vulnerabilities? You can find the upgrade instructions for Papercut application servers on this page. So, Papercut NG and MF application servers need to be patched to the following versions: This vulnerability affects application servers only. Upgrade Papercut NG and MF application and site servers to version 20.1.7, 21.2.11, or 22.0.9 or later versions.The RCE threat CVE-2023-27350 can be remediated by upgrading the Papercut application and site servers to one of the fixed versions: The remediation version details for each vulnerability are given hereunder. Papercut vulnerability remediationĬVE-2023-27350 and CVE-2023-27351 can be remediated by upgrading Papercut NG and MF to one of the fixed versions. This user disclosure or information disclosure vulnerability affects the following versions of Papercut NG and MF:ĬVE-2023-27351 does not impact or is fixed in the following versions of Papercut NG and MF:ĬVE-2023-27351 affects Papercut application servers. These could also be called the Papercut NG and MF versions in which the vulnerability is fixed. The following versions of Papercut NG and MF are not impacted by CVE-2023-27350: The impacted servers include Papercut NG and MF application servers and site servers. The specific versions that are impacted include: The RCE vulnerability on Papercut NG and MF affects Papercut NG and MF versions 8 and later. Since there are two vulnerabilities that affect Papercut NG and MF, we will look at the versions impacted by each vulnerability below. What versions of Papercut NG and MF are impacted? However, no exploitation attempts or attacks have been found to be targeting CVE-2023-27351.Threat actors could also access and retrieve hashed passwords from internal PaperCut-created user accounts.As part of this vulnerability, unauthorized attackers can potentially extract user account information, such as usernames, full names, email addresses, office and department information, and payment card numbers, that is stored within a customer’s PaperCut MF and NG servers.The vulnerability is being tracked as a zero-day under ZD-23-232.CVE-2023-23751 is another zero-day threat that affects Papercut NG and MF application servers.The details of CVE-2023-27351 are shared below. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. The issue results from improper access control in the Papercut application suite.Threat actors are using this file to deliver malicious payloads through the network. The application executable for Papercut NG and MF is pc-app.exe. As part of the vulnerability, the unpatched Papercut application servers can be used to launch RCE attacks.This vulnerability is a subject of ‘In the Wild’ attacks by malicious actors.The vulnerability is being tracked as a zero-day threat under ZD-23-233.CVE-2023-27350 has a CRITICAL severity.CVE-2023-27350 is a Remote Code Execution threat.The details of this vulnerability are shared below in a concise manner: There have been ‘In the Wild’ attacks on Papercut application servers. These vulnerabilities were reported under the Zero-day initiative (ZDI) and are mentioned below: CVE-2023-27350ĬVE-2023-27350 is being exploited by threat actors as we write this. Trend Micro reported two vulnerabilities on Papercut NG and MF. The vulnerability was first reported by Trend Micro on 18th April 2023. Papercut vulnerability refers to a security threat that exists in Papercut NG and MF editions. Therefore, the vulnerabilities affecting Papercut assume significance for system administrators. Papercut has over 100 million users across the world. Papercut seeks to optimize print services, reduce costs, and simplify user interaction and management for print tasks. Notifications for printer errors and low toner. ![]()
0 Comments
Leave a Reply. |