Security News > 2023 > May > New PaperCut RCE exploit created that bypasses existing detections
A new proof-of-concept exploit for an actively exploited PaperCut vulnerability was released that bypasses all known detection rules.
The PaperCut vulnerability, tracked as CVE-2023-27350, is a critical severity unauthenticated remote code execution flaw in PaperCut MF or NG versions 8.0 or later that has been exploited in ransomware attacks.
Multiple security companies have released detection rules for PaperCut exploits and indicators of compromise, including detections via Sysmon, log files, and network signatures.
A new attack method discovered by VulnCheck can bypass existing detections, allowing attackers to exploit CVE-2023-27350 unobstructed.
VulnCheck's approach combines all the above bypassing tricks to exploit the PaperCut NG and MF vulnerability without triggering any alarms.
The best way to deal with this threat is to apply the recommended security updates, which are PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 and later.
News URL
Related news
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- PoC exploit for SysAid pre-auth RCE released, upgrade quickly! (source)
- Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-27350 | Unspecified vulnerability in Papercut MF and Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |