PaperCut Vulnerability - CVE-2023-27350, CVE-2023-27351

20 Apr / 2023

Cyber Security

PaperCut MF & PaperCut NG Vulnerabilities

CVE: CVE-2023-27350, CVE-2023-27351

WHAT IS VULNERABLE?

  • PaperCut MF or NG version 8.0 or later, on all OS platforms (CVE-2023-27350) (Remote Code Execution)
  • PaperCut MF or NG version 15.0 or later, on all OS platforms (CVE-2023-27351) (Unauthenticated Information Disclosure)

WHAT IS HAPPENING?

  • Papercut have updated this security advisory (https://www.papercut.com/kb/Main/PO-1216-and-PO-1219) regarding two vulnerabilities in their Papercut MF and Papercut NG software.
  • They now advise that they have evidence to suggest that unpatched servers are being exploited in the wild.

KEY FACTS

  • Papercut has been made aware of two vulnerabilities in their Papercut MF and Papercut NG software.
  • CVE-2023-27350 is an Unauthenticated Remote Code Execution with SYSTEM level permission on the hosting server.
  • CVE-2023-27351 is an Unauthenticated Request Bypass that can allow the exfiltration all the information stored within the PaperCut NG or MF application. This includes Names, Emails, Departments and Access Card Numbers. This can include hashed passwords for locally created users, but not passwords for accounts synchronised to a directory service.

WHAT YOU CAN DO

ASSESSING FOR POSSIBLE IMPACT

  • Look for suspicious activity in Logs > Application Log, within the PaperCut admin interface.
  • Keep an eye out in particular for any updates from a user called [setup wizard].
  • Look for new (suspicious) users being created, or other configuration keys being tampered with.
  • If your Application Server server logs happen to be in debug mode, check to see if there are lines mentioning Setup Completed at a time not correlating with the server installation or upgrade. Server logs can be found e.g. in [app-path]/server/logs/*.* where server.log is normally the most recent log file.

Cythera is committed to protecting our customers from cyber threats and ensuring their business continuity. If you have any questions or concerns about CVE-2023-27350 or any other cybersecurity issue, please contact us today.


Resources

You may be interested in

Why You Shouldn’t Be Reusing Passwords In 2020

Who out there has been guilty of reusing a password? We’re all guilty of it! Results from a recent Google survey discovered that at least 65% …

Read More arrow_forward

Windows enterprise environments vulnerable to KrbRelayUp attacks.

WHAT’S HAPPENING?In April 2022, a privilege escalation hacking tool known as KrbRelayUp was publicly disclosed on GitHub by security researche…

Read More arrow_forward

Achieving Essential 8 Compliance: Why Cythera uses Automox for Patch and Office Macros Management.

At Cythera, we understand the unique cybersecurity challenges faced by Australian organisations. The Australian Signals Directorate's (ASD) Esse…

Read More arrow_forward