Security News > 2023 > April > Exploit released for PaperCut flaw abused to hijack servers, patch now

Exploit released for PaperCut flaw abused to hijack servers, patch now
2023-04-24 17:01

Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers.

The two security flaws allow remote attackers to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM privileges in low-complexity attacks that don't require user interaction.

Earlier today, attack surface assessment firm Horizon3 published a blog post containing detailed technical information and a CVE-2023-27350 proof-of-concept exploit that attackers could use to bypass authentication and execute code on unpatched PaperCut servers.

While unpatched PaperCut servers are already being targeted in the wild, additional threat actors will also likely use Horizon3's exploit code in further attacks.

A Shodan search shows that attackers could target only around 1,700 Internet-exposed PaperCut servers.

Huntress advises administrators unable to promptly patch their PaperCut servers should take measures to prevent remote exploitation.


News URL

https://www.bleepingcomputer.com/news/security/exploit-released-for-papercut-flaw-abused-to-hijack-servers-patch-now/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-04-20 CVE-2023-27350 Improper Access Control vulnerability in Papercut NG
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
network
low complexity
papercut CWE-284
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Papercut 3 0 7 7 2 16