“We highly recommend upgrading to one of these versions containing the fix. “Both of these vulnerabilities have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11 and 22.0.9 and later,” the company said. The bug allows hackers to extract information about users stored within a customer’s PaperCut MF and NG servers, including usernames, full names, email addresses, department information and payment card numbers associated with the accounts. PaperCut also sounded the alarm about a separate but similar flaw in its software, tracked as CVE-2023-27351 with a vulnerability severity rating of 8.2 out of 10. The vulnerability, tracked as CVE-2023-27350, is scored 9.8 out of a possible 10 in vulnerability severity as it could allow an unauthenticated attacker to remotely execute malicious code on a server without needing credentials. In an advisory last week, PaperCut said that a critical vulnerability it patched earlier in March was under active attack against machines that had yet to install the security update. PaperCut’s website says it has over 100 million users from more than 70,000 organizations worldwide. PaperCut offers two print management products, PaperCut NG and PaperCut MF, used by local governments, large enterprises and healthcare and education institutions. While signed in to GreyNoise, click below to set up a daily alert to be notified of new results.Print management software maker PaperCut says attackers are exploiting a critical-rated security vulnerability to gain access to unpatched servers on customer networks. Sign up for a free GreyNoise account or request a demo to see how GreyNoise can help. (This information is included in PaperCut’s advisory). GreyNoise recommends that organizations that use PaperCut follow the vendor's guidance to upgrade and review systems for signs of compromise. It could be that exploitation is happening in a more targeted fashion or simply because scanning for this vulnerability isn’t technically necessary as a specific Google search will return a few thousand hits which attackers can use to focus exploitation attempts on. PaperCut Authentication Bypass Check: IP addresses with this tag have been observed checking for the existence of CVE-2023-27350, an authentication bypass vulnerability in PaperCut MF/NG.Īt the time of publication, GreyNoise has not observed mass exploitation for this vulnerability but has observed two IPs mass scanning for the vulnerability this could be for a few reasons.PaperCut RCE Attempt : IP addresses with this tag have been observed attempting to exploit CVE-2023-27350, an authentication bypass vulnerability in PaperCut MF/NG that could result in remote code execution.GreyNoise has published two tags related to this PaperCut vulnerability: Additionally, the PaperCut advisory also points out reports of exploitation dating back to April 13, 2023, 15:29 UTC. The inclusion of this vulnerability on the KEV list implies that exploitation has been confirmed in the wild. Originally ZDI-23-233, CVE-2023-27350 (CVSS 9.8) impacts both application servers and site servers for PaperCut MF and NG version 8.0 or later, according to PaperCut, and have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11 and 22.0.9 and later. PaperCut MF and PaperCut NG are both enterprise printer management software. On Friday, April 21, 2023, CISA added CVE-2023-27350 (a critical unauthenticated remote code execution vulnerability) impacting PaperCut MF and PaperCut NG to the Known Exploited Vulnerabilities (KEV) list.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |