Security News > 2023 > May > New PaperCut RCE exploit created that bypasses existing detections

New PaperCut RCE exploit created that bypasses existing detections
2023-05-06 14:11

A new proof-of-concept exploit for an actively exploited PaperCut vulnerability was released that bypasses all known detection rules.

The PaperCut vulnerability, tracked as CVE-2023-27350, is a critical severity unauthenticated remote code execution flaw in PaperCut MF or NG versions 8.0 or later that has been exploited in ransomware attacks.

Multiple security companies have released detection rules for PaperCut exploits and indicators of compromise, including detections via Sysmon, log files, and network signatures.

A new attack method discovered by VulnCheck can bypass existing detections, allowing attackers to exploit CVE-2023-27350 unobstructed.

VulnCheck's approach combines all the above bypassing tricks to exploit the PaperCut NG and MF vulnerability without triggering any alarms.

The best way to deal with this threat is to apply the recommended security updates, which are PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 and later.


News URL

https://www.bleepingcomputer.com/news/security/new-papercut-rce-exploit-created-that-bypasses-existing-detections/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-04-20 CVE-2023-27350 Improper Access Control vulnerability in Papercut NG
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
network
low complexity
papercut CWE-284
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Papercut 3 0 7 7 2 16