PaperCut CVE-2023-27350: Critical Unauthenticated Remote Code Execution Vulnerability Exploited in Wild

About PaperCut:

PaperCut is a widely adopted print management software that allows millions of organizations to streamline and control printing activities. It helps the task of printing easier and more secure. However, recent developments have shed light on a critical security vulnerability, identified as CVE-2023-27350, which poses a significant threat to the integrity and security of PaperCut installations.

This article aims to provide an overview of vulnerability exploitation, its potential impact, and steps to mitigate the risk.

About CVE-2023-27350:

CVE-2023-27350 is identified in PaperCut MF and NG products which are vulnerable to authentication bypass and arbitrary code execution. The vulnerability has a critical 9.8 score, an unauthenticated attacker can use it to perform RCE on an unpatched PaperCut Application Server. The vulnerability was disclosed in March 2023 and started exploiting wildly by attackers in mid-April. “The Education Facilities Subsector” started to be the victim of numerous APT and ransomware attacks.

Affected PaperCut Versions:

CVE-2023-27350 affects the following versions:

PaperCut Products	Affected Versions on all OS platforms
PaperCut MF/ PaperCut NG	8.0.0 to 19.2.7
	20.0.0 to 20.1.6
	21.0.0 to 21.2.10
	22.0.0 to 22.0.8

These papercut versions allow an attacker to bypass authentication and execute arbitrary commands, make sure to upgrade to patched versions.

Exploit POCs for PaperCut:

Exploit POC of CVE-2023-27350 performs a scan on a PeaperCut server to find the Server version, Status Code, and authentication bypass link.

One for the setup completed page: http://<ip>:9191/app?service=page/SetupCompleted. The second link is for authentication bypass:http://<ip>:9191/app?service=page/Dashboard.

The POC shows the Python script performs a bypass without the proper authentication. http://<ip>:9191/app?service=page/Dashboard.

Mitigation:

Organizations should update application servers with one of the fixed versions as the solution. PaperCut MF/NG 20.1.7, 21.2.11, and 22.0.9 are patched versions make sure to upgrade immediately.

Contributed by Sharanu Kalyan

Intelliroot

PaperCut CVE-2023-27350: Critical Unauthenticated Remote Code Execution Vulnerability Exploited in Wild

Post a Comment

0 Comments

Popular Posts

Path Traversal and Remote Code Execution in Apache 2.4.49

Understanding the Exploitation of CVE-2023-3460 in Ultimate Member Plugin

Evil Twin Attack: The Most Sinister Wifi Attack

CVE-2023-38831: RARLabs WinRAR Zero-Day RCE

Categories

Tags

Tags

Popular Posts

Path Traversal and Remote Code Execution in Apache 2.4.49

Understanding the Exploitation of CVE-2023-3460 in Ultimate Member Plugin

Evil Twin Attack: The Most Sinister Wifi Attack

CVE-2023-38831: RARLabs WinRAR Zero-Day RCE

Menu Footer Widget

PaperCut CVE-2023-27350: Critical Unauthenticated Remote Code Execution Vulnerability Exploited in Wild

You may like these posts

Post a Comment

0 Comments

Social Plugin

Popular Posts

Categories

Tags

Tags

Popular Posts

Menu Footer Widget