9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.961 High
EPSS
Percentile
99.2%
PaperCut, maker of print management solutions, has urged product users to update as soon as possible. A security vulnerability which exploits unpatched servers has been seen in the wild, with serious ramifications for any organisation impacted.
Two specific vulnerabilities are at the heart of this alert, and are ranked with severity scores of 9.8 (critical) and 8.2 (high) respectively. Full information about the individual security flaws has not been revealed, in order to reduce the likelihood of more attackers making use of them.
At time of writing, both security issues have been addressed with patches. If you update your PaperCut application servers, you are no longer at risk. A recent check in security tool Shodanβs search functionality highlights roughly 1,700 software instances currently exposed to the internet. These flaws are quite severe, so it's absolutely worth your time to get things updated as soon as possible.
From the Updating FAQ:
PaperCut advises those who are unable to apply the patches to follow the below steps:
The two exploits in question are:
> CVE-2023-27350: This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability.
>
> CVE-2023-27351: This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system.
In both cases, compromised systems could be used to perform additional exploitation after the initial attack. Arbitrary code can be deployed, or even ransomware if that's part of the attacker's toolkit. The relative ease with which these exploits can be launched is just one reason for the high threat severity score. Indeed, researchers quickly discovered two types of (legitimate) remote management software being used in these attacks. These management tools are used to grant a potential form of persistent remote access to the target network. From here, they can burrow in ever deeper without the affected organisation noticing.
It will probably be a while before all possible patchable installations are running the necessary updates. If you're potentially affected, do your part and head over to the updates page immediately.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.961 High
EPSS
Percentile
99.2%