Attackers are currently using a “critical” classified vulnerability in the Papercut MF/NG print management solution and run malicious code on systems. In current versions, the developers have closed another security hole.
The vulnerabilities
The critical vulnerability (CVE-2023-27350) affects an alert the Papercut Application Server. Attackers could start there without authentication in order to push their own code onto computers and execute them. This usually leads to a complete compromise of a system. The developers are currently not explaining exactly how attacks work. Papercut claims to have observed the first attacks in mid-April 2023.
Attackers successfully put at the second vulnerability (CVE-2023-27351″hoch“), they could access user data such as e-mail addresses including hashed passwords. This should be possible remotely without authentication.
Install security updates
The developers state that all versions up to and including Paper Cut MF/NG 8.0 are affected by the critical vulnerability. The other vulnerability affects releases up to and including 15.0. The following papercut versions are protected against the attacks described:
- MF – 20.1.7, 21.2.11, 22.0.9
- OF – 20.1.7, 21.2.11, 22.0.9
Only when users have installed the secure versions will Papercut publish further details about the gaps at a later date. In the warning message, they list workarounds to secure, if admins cannot install the patches immediately. There you will also find information by which you can recognize systems that have already been attacked.
(of the)