Security News > 2023 > April > Exploit released for PaperCut flaw abused to hijack servers, patch now

Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers.
The two security flaws allow remote attackers to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM privileges in low-complexity attacks that don't require user interaction.
Earlier today, attack surface assessment firm Horizon3 published a blog post containing detailed technical information and a CVE-2023-27350 proof-of-concept exploit that attackers could use to bypass authentication and execute code on unpatched PaperCut servers.
While unpatched PaperCut servers are already being targeted in the wild, additional threat actors will also likely use Horizon3's exploit code in further attacks.
A Shodan search shows that attackers could target only around 1,700 Internet-exposed PaperCut servers.
Huntress advises administrators unable to promptly patch their PaperCut servers should take measures to prevent remote exploitation.
News URL
Related news
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-20 | CVE-2023-27350 | Unspecified vulnerability in Papercut MF and Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |