April 24, 2023
PaperCut Vulnerabilities Exploited in the Wild
PaperCut addressed critical and high vulnerabilities affecting PaperCut MF and PaperCut NG. Unpatched servers exploited in the wild.
- CVE-2023-27350 (CVSS score: 9.8, Critical) – Unauthenticated Remote Code Execution Vulnerability. Successful exploit of this vulnerability could allow a threat actor to bypass authentication and execute arbitrary code as SYSTEM.
- CVE-2023-27351 (CVSS score: 8.2, High) – Unauthenticated Information Disclosure Vulnerability. Successful exploit of this vulnerability could allow a threat actor to bypass authentication.
- CVE-2023–27350: Application & Site Servers. PaperCut MF or NG version 8.0 or later.
- CVE-2023–27351: Application Servers. PaperCut MF or NG version 15.0 or later.
CYREBRO recommends updating up to the latest version.
References: Papercut Advisory.