PaperCut MF/NG Improper Access Control Vulnerability
Released: Apr 26, 2023
Critical vulnerability in PaperCut Print Management Server exploited in the wild.
CVE-2023-27350 allows an unauthenticated attacker to achieve remote code execution (RCE) on a PaperCut Application Server. The vulnerability exists within the SetupCompleted class and, according to the vendor, can be exploited remotely and without the need to log in.
Common Vulnerabilities and Exposures
Background
PaperCut offers a print management system called PaperCut MF/NG, which provides print monitoring and control capabilities. Successful exploitation of this security defect allows a remote, unauthenticated attacker to bypass authentication and execute arbitrary code with system privileges. The software supports a wide range of printers, scanners, and similar devices, and according to a Shodan search there are approximately 1700 internet-exposed PaperCut servers.
Threat Radar Overall Score: 4.2

| Metric | Value |
| --- | --- |
| CVSS Rating | 9.0 |
| Reconnaissance Score | 92/100 |
| KEV Catalog | Yes |
| EPSS | 97% |
| FortiGuard Telemetry | 11166 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
January 10, 2023: Zero Day Initiative disclosed the vulnerabilities to PaperCut.
https://www.zerodayinitiative.com/advisories/ZDI-23-233/
https://www.zerodayinitiative.com/advisories/ZDI-23-232/

March 8, 2023: PaperCut released a patch and advised customers to immediately upgrade PaperCut Application Servers to one of the fixed versions provided.
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219

April 19, 2023: The vendor reported that unpatched servers are being exploited in the wild, particularly through CVE-2023-27350.

April 24, 2023: CISA added CVE-2023-27350 to its Known Exploited Vulnerabilities (KEV) catalog.

Both vulnerabilities (CVE-2023-27350, CVE-2023-27351) have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11 and 22.0.9 and later. FortiGuard Labs has released an IPS signature to detect and block attacks leveraging CVE-2023-27350, which has been seen exploited in the wild. According to PaperCut, there is no evidence that CVE-2023-27351 is being used in the wild. However, it is strongly advised to apply patches for both immediately if not already done.
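A version triage against the fixed releases listed above, as an added example (not FortiGuard or PaperCut code). The hostnames and build strings are constructed, and the handling of major lines other than 20, 21 and 22 is an assumption marked in the comments.

```python
import re

# Fixed releases named in this advisory, keyed by major version line.
FIXED = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}
ORDER = {"vulnerable": 0, "unknown": 1, "patched": 2}

def parse_version(text):
    """Pull major.minor.patch out of a reported version string, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    major = v[0]
    if major in FIXED:
        # Integer tuples, so 21.2.9 sorts below 21.2.11 (string compare would not).
        return "patched" if v >= FIXED[major] else "vulnerable"
    if major > max(FIXED):
        return "patched"  # assumption: "and later" covers newer major lines
    return "unknown"      # assumption: no fix listed here for older lines; review by hand

def triage(inventory):
    """Classify (host, version) pairs and list the hosts needing action first."""
    rows = [(host, ver, classify(ver)) for host, ver in inventory]
    return sorted(rows, key=lambda r: ORDER[r[2]])

# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE = [
    ("print01.example.internal", "22.0.9 (Build 10001)"),
    ("print02.example.internal", "21.2.9 (Build 10002)"),
    ("print03.example.internal", "20.1.7 (Build 10003)"),
    ("print04.example.internal", "19.2.3 (Build 10004)"),
    ("print05.example.internal", "22.0.8 (Build 10005)"),
]

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{status:<10} {host:<28} {ver}")
```

Hosts reported as `unknown` run a line for which this page lists no fixed release and need a manual check against the vendor bulletin.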
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
Vulnerability: Detects vulnerable PaperCut instances (CVE-2023-27350, CVE-2023-27351).
IPS: Detects and blocks attack attempts leveraging PaperCut MF/NG (CVE-2023-27350).
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
FortiRecon: ACI
Automated Response: Services that can automatically respond to this outbreak.
FortiClient Forensics
InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal and external attack vectors, including those introduced internally via software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.