PaperCut Vulnerabilities Exploited in the Wild
April 24, 2023
PaperCut has addressed critical- and high-severity vulnerabilities affecting PaperCut MF and PaperCut NG. Unpatched servers are being exploited in the wild.
The Vulnerability
- CVE-2023-27350 (CVSS score: 9.8, Critical) – Unauthenticated Remote Code Execution Vulnerability. Successful exploitation of this vulnerability could allow a threat actor to bypass authentication and execute arbitrary code as SYSTEM.
- CVE-2023-27351 (CVSS score: 8.2, High) – Unauthenticated Information Disclosure Vulnerability. Successful exploitation of this vulnerability could allow a threat actor to bypass authentication.
Affected Products
- CVE-2023-27350: Application & Site Servers. PaperCut MF or NG version 8.0 or later.
- CVE-2023-27351: Application Servers. PaperCut MF or NG version 15.0 or later.
Mitigation
CYREBRO recommends updating to the latest version.
References: PaperCut Advisory.