WARNING: Ransomware actors are actively exploiting a critical Remote Code Execution vulnerability in PaperCut Print software, Patch Immediately!
CVE-2023-27350 CVSS:9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
Risks
PaperCut has released security updates for a critical remote code execution (RCE) vulnerability, CVE-2023-27350, affecting PaperCut MF or NG.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to achieve remote code execution on a vulnerable PaperCut Application Server.
A successful attack has a high impact on all vertices of the CIA triad: confidentiality, integrity, and availability.
Threat actors are actively exploiting CVE-2023-27350 in order to deploy Clop and LockBit ransomware.
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.
Description
PaperCut is print management software that helps organizations make printing easier and more secure.
PaperCut produces printing management software for Canon, Epson, Xerox, and almost every other major printer brand. Its tools are used by more than 70,000 organizations, including government agencies, universities, and large companies around the world.
A remote attacker can bypass authentication and execute arbitrary code on vulnerable PaperCut MF/NG infrastructure.
Recommended Actions
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. If you have already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident
References
https://www.bleepingcomputer.com/news/security/microsoft-clop-and-lockbit-ransomware-behind-papercut-server-hacks/
https://therecord.media/hackers-use-papercut-vulnerabilities-to-deploy-clop-ransomware
https://duo.com/decipher/papercut-flaws-exploited-to-deploy-clop-lockbit-ransomware