PaperCut NG/MG 22.0.4 - Remote Code Execution Exploit

Exploit Title: PaperCut NG/MG 22.0.4 - Remote Code Execution RCE Exploit Author: Mohin Paramasivam Shad0wQu35t and MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests import argparse Grouppayload =...

PaperCut MF Authentication Bypass (CVE-2023-27350)

Binary data papercutmfcve-2023-27350.nbin...

PaperCut MF Detection

Binary data papercutmfdetect.nbin...

CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability

CVE-2023-27350 is an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software that allows attackers to bypass authentication and execute arbitrary code as SYSTEM on vulnerable targets. A patch is available for this vulnerability and should be applied on an...

PaperCut NG SecurityRequestFilter Authentication Bypass (CVE-2023-27351)

Binary data papercutngcve-2023-27351.nbin...

Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability

U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country. The attacks took place in early May 2023, the Federal...

Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability

U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country. The attacks took place in early May 2023, the Federal...

PaperCut authentication bypass

Added: 05/12/2023 Background PaperCut is print management software. It includes a web interface written in Java. Problem An authentication bypass vulnerability in the SetupCompleted class allows a remote, unauthenticated attacker to execute arbitrary code in the context of SYSTEM. Resolution...

PaperCut authentication bypass

Added: 05/12/2023 Background PaperCut is print management software. It includes a web interface written in Java. Problem An authentication bypass vulnerability in the SetupCompleted class allows a remote, unauthenticated attacker to execute arbitrary code in the context of SYSTEM. Resolution...

Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG

SUMMARY The Federal Bureau of Investigation FBI and Cybersecurity and Infrastructure Security Agency CISA are releasing this joint Cybersecurity Advisory CSA in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and...

Microsoft reports two Iranian hacking groups exploiting PaperCut flaw

By Deeba Ahmed The two groups exploiting the vulnerability are Mango Sandstorm and Mint Sandstorm. Both are linked to the Iranian government and intelligence agencies. This is a post from HackRead.com Read the original post: Microsoft reports two Iranian hacking groups exploiting PaperCut flaw...

Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability

Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft disclosed over the weekend. The tech giant's threat intelligence team said it observed both Mango Sandstorm Mercury and Mint Sandstorm...

Ransomware review: May 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...

Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection

Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as CVE-2023-27350 CVSS score: 9.8, the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticate...

Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection

Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as CVE-2023-27350 CVSS score: 9.8, the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticate...

The vulnerability of the SecurityRequestFilter class in network printing control software such as PaperCut MF and PaperCut NG allows a perpetrator to access user credentials.

The vulnerability of the SecurityRequestFilter class in network printing control software such as PaperCut MF and PaperCut NG is related to errors during authentication processes. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to user credentials...

LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities

A few days ago we wrote about two vulnerabilities found in PaperCut application servers. As we noted, exploitation was fairly simple so there was some urgency to install the patches. My esteemed colleague Chris Boyd literally wrote: "Arbitrary code can be deployed, or even ransomware if thats par...

VulnCheck KEV: CVE-2023-27351

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...

RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts

The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leak...

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...