PaperCut MF/NG Improper Access Control Vulnerability

Released: Apr 26, 2023


High Severity


Critical vulnerability in PaperCut Print Management Server exploited in the wild

CVE-2023-27350 allows an unauthenticated attacker to achieve remote code execution (RCE) on a PaperCut Application Server. The vulnerability exists within the SetupCompleted class and, according to the vendor, can be exploited remotely and without the need to log in.



Background

PaperCut offers a print management system called PaperCut MF/NG, which provides print monitoring and control capabilities. Successful exploitation of this security defect allows a remote, unauthenticated attacker to bypass authentication and execute arbitrary code with system privileges. The software supports a wide range of printers, scanners, and similar devices, and according to a Shodan search, there are approximately 1700 internet-exposed PaperCut servers.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


January 10, 2023: Zero Day Initiative disclosed the vulnerabilities to PaperCut.
https://www.zerodayinitiative.com/advisories/ZDI-23-233/
https://www.zerodayinitiative.com/advisories/ZDI-23-232/

March 8, 2023: PaperCut released a patch and advised immediately upgrading PaperCut Application Servers to one of the fixed versions provided.
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219


April 19, 2023: The vendor reported that unpatched servers are being exploited in the wild, particularly through CVE-2023-27350.

April 24, 2023: CISA added CVE-2023-27350 to its Known Exploited Vulnerabilities (KEV) catalog.

Both vulnerabilities (CVE-2023-27350 and CVE-2023-27351) have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11 and 22.0.9 and later. FortiGuard Labs has released an IPS signature to detect and block attacks leveraging CVE-2023-27350, which has been seen exploited in the wild. According to PaperCut, there is no evidence that CVE-2023-27351 is being used in the wild. However, it is strongly advised to apply patches for both immediately if not already done.
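To triage an asset inventory against the fixed versions listed above, the following added example (not FortiGuard or PaperCut code) classifies each reported version string. It assumes a server counts as fixed at or above the listed release within its major branch, treats any major above 22 as "later", and assumes version strings may carry trailing build text; the hostnames and versions are constructed.

```python
import re

# Fixed releases per major branch, as listed in the advisory text above.
FIXED = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from the first x.y.z in text, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def patch_status(text):
    """Classify a reported version as 'fixed', 'upgrade' or 'unknown'."""
    ver = parse_version(text)
    if ver is None:
        return "unknown"  # unparseable: verify by hand, never assume patched
    major = ver[0]
    if major > max(FIXED):
        return "fixed"  # assumption: a newer major counts as "and later"
    if major not in FIXED:
        return "upgrade"  # older branch with no fixed release listed above
    # Integer tuples compare numerically: 21.2.9 < 21.2.11 (string compare fails).
    return "fixed" if ver >= FIXED[major] else "upgrade"


def triage(inventory):
    """Return (host, version, status) for every host not confirmed fixed."""
    rows = [(h, v, patch_status(v)) for h, v in inventory.items()]
    return sorted(r for r in rows if r[2] != "fixed")


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = {
    "print-01": "22.0.9",
    "print-02": "22.0.8 (Build 12345)",
    "print-03": "21.2.11",
    "print-04": "21.2.9",
    "print-05": "20.1.7",
    "print-06": "19.2.7",
    "print-07": "23.0.1",
    "print-08": "n/a",
}

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE):
        print(f"{host}\t{version}\t{status}")
```

Hosts reported as "unknown" should be checked manually rather than assumed patched.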

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Vulnerability

  • IPS

DETECT
  • IOC

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.