Security News > 2023 > April > Exploit released for PaperCut flaw abused to hijack servers, patch now
![Exploit released for PaperCut flaw abused to hijack servers, patch now](/static/build/img/news/exploit-released-for-papercut-flaw-abused-to-hijack-servers-patch-now-medium.jpg)
Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers.
The two security flaws allow remote attackers to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM privileges in low-complexity attacks that don't require user interaction.
Earlier today, attack surface assessment firm Horizon3 published a blog post containing detailed technical information and a CVE-2023-27350 proof-of-concept exploit that attackers could use to bypass authentication and execute code on unpatched PaperCut servers.
While unpatched PaperCut servers are already being targeted in the wild, additional threat actors will also likely use Horizon3's exploit code in further attacks.
A Shodan search shows that attackers could target only around 1,700 Internet-exposed PaperCut servers.
Huntress advises administrators unable to promptly patch their PaperCut servers should take measures to prevent remote exploitation.
News URL
Related news
- Exploit released for maximum severity Fortinet RCE bug, patch now (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
- TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers (source)
- Exploit for Veeam Recovery Orchestrator auth bypass available, patch now (source)
- Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server (source)
- Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP! (source)
- 8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-20 | CVE-2023-27350 | Improper Access Control vulnerability in Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |