Security News > 2023 > May > New PaperCut RCE exploit created that bypasses existing detections
A new proof-of-concept exploit for an actively exploited PaperCut vulnerability was released that bypasses all known detection rules.
The PaperCut vulnerability, tracked as CVE-2023-27350, is a critical severity unauthenticated remote code execution flaw in PaperCut MF or NG versions 8.0 or later that has been exploited in ransomware attacks.
Multiple security companies have released detection rules for PaperCut exploits and indicators of compromise, including detections via Sysmon, log files, and network signatures.
A new attack method discovered by VulnCheck can bypass existing detections, allowing attackers to exploit CVE-2023-27350 unobstructed.
VulnCheck's approach combines all the above bypassing tricks to exploit the PaperCut NG and MF vulnerability without triggering any alarms.
The best way to deal with this threat is to apply the recommended security updates, which are PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 and later.
News URL
Related news
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-27350 | Improper Access Control vulnerability in Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |