PaperCut Vulnerability - CVE-2023-27350, CVE-2023-27351

20 Apr / 2023

Cyber Security

PaperCut MF & PaperCut NG Vulnerabilities

CVE: CVE-2023-27350, CVE-2023-27351

WHAT IS VULNERABLE?

  • PaperCut MF or NG version 8.0 or later, on all OS platforms (CVE-2023-27350) (Remote Code Execution)
  • PaperCut MF or NG version 15.0 or later, on all OS platforms (CVE-2023-27351) (Unauthenticated Information Disclosure)

WHAT IS HAPPENING?

  • Papercut have updated this security advisory (https://www.papercut.com/kb/Main/PO-1216-and-PO-1219) regarding two vulnerabilities in their Papercut MF and Papercut NG software.
  • They now advise that they have evidence to suggest that unpatched servers are being exploited in the wild.

KEY FACTS

  • Papercut has been made aware of two vulnerabilities in their Papercut MF and Papercut NG software.
  • CVE-2023-27350 is an Unauthenticated Remote Code Execution with SYSTEM level permission on the hosting server.
  • CVE-2023-27351 is an Unauthenticated Request Bypass that can allow the exfiltration all the information stored within the PaperCut NG or MF application. This includes Names, Emails, Departments and Access Card Numbers. This can include hashed passwords for locally created users, but not passwords for accounts synchronised to a directory service.

WHAT YOU CAN DO

ASSESSING FOR POSSIBLE IMPACT

  • Look for suspicious activity in Logs > Application Log, within the PaperCut admin interface.
  • Keep an eye out in particular for any updates from a user called [setup wizard].
  • Look for new (suspicious) users being created, or other configuration keys being tampered with.
  • If your Application Server server logs happen to be in debug mode, check to see if there are lines mentioning Setup Completed at a time not correlating with the server installation or upgrade. Server logs can be found e.g. in [app-path]/server/logs/*.* where server.log is normally the most recent log file.

Cythera is committed to protecting our customers from cyber threats and ensuring their business continuity. If you have any questions or concerns about CVE-2023-27350 or any other cybersecurity issue, please contact us today.


Resources

You may be interested in

FortiManager API Vulnerability - CVE-2024-47575

FortiManager API Vulnerability CVE: CVE-2024-47575 CVSS: 9.8/10 What is Vulnerable: Multiple versions of FortiManager are affected by this n…

Read More arrow_forward

Microsoft Outlook for Windows 0-Day Vulnerability - CVE-2023-23397

Microsoft Outlook for Windows 0Day vulnerabilityCVE: CVE-2023-23397 WHAT IS VULNERABLE? All versions of Outlook for Windows Outlook Web Acces…

Read More arrow_forward

Data Harvester Parading as a Legitimate Application -ZoomInfoContactContributor.exe

What is Happening?Cythera are reporting a significant increase in the installation of a potentially unwanted application called ZoomInfo Contact…

Read More arrow_forward