Exploit released for PaperCut flaw abused to hijack servers, patch now

Attackers are exploiting severe vulnerabilities in the widely used PaperCut MF/NG print management software to install Atera remote management software and take over servers.
The two security flaws allow remote attackers to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM privileges in low-complexity attacks that don't require user interaction.
Earlier today, attack surface assessment firm Horizon3 published a blog post containing detailed technical information and a CVE-2023-27350 proof-of-concept exploit that attackers could use to bypass authentication and execute code on unpatched PaperCut servers.
While unpatched PaperCut servers are already being targeted in the wild, additional threat actors will also likely use Horizon3's exploit code in further attacks.
A Shodan search shows that attackers could target only around 1,700 Internet-exposed PaperCut servers.
Huntress advises that administrators who are unable to promptly patch their PaperCut servers should take measures to prevent remote exploitation.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-27350 | Unspecified vulnerability in PaperCut MF and PaperCut NG. This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |