Security News > 2023 > April > Exploit released for PaperCut flaw abused to hijack servers, patch now
Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers.
The two security flaws allow remote attackers to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM privileges in low-complexity attacks that don't require user interaction.
Earlier today, attack surface assessment firm Horizon3 published a blog post containing detailed technical information and a CVE-2023-27350 proof-of-concept exploit that attackers could use to bypass authentication and execute code on unpatched PaperCut servers.
While unpatched PaperCut servers are already being targeted in the wild, additional threat actors will also likely use Horizon3's exploit code in further attacks.
A Shodan search shows that attackers could target only around 1,700 Internet-exposed PaperCut servers.
Huntress advises administrators unable to promptly patch their PaperCut servers should take measures to prevent remote exploitation.
News URL
Related news
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-27350 | Improper Access Control vulnerability in Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |