Security News > 2023 > May > PaperCut vulnerability abused by several threat actors could impact 70,000 organizations
Several ransomware groups and state-sponsored cyberespionage threat actors are exploiting a vulnerability affecting printing software tools PaperCut MF and PaperCut NG to compromise their targets.
The new PaperCut vulnerability, CVE-2023-27350, affects different PaperCut MF and PaperCut NG software, allowing an attacker to bypass authentication and execute arbitrary code with SYSTEM privileges.
While PaperCut does not have evidence of this vulnerability being used in the wild, a tweet from Microsoft mentions the use of the vulnerability without providing more information about it.
Figure A. The threat actor exploited the PaperCut vulnerability through the printing interface of the software to download and execute legitimate remote management and maintenance software to achieve their goal.
Microsoft Threat Intelligence tweeted about recent attacks exploiting the PaperCut vulnerability to deliver Clop ransomware since April 13, 2023.
With more than 70,000 organizations using PaperCut in more than 200 countries, other threat actors became interested in exploiting this vulnerability.
News URL
https://www.techrepublic.com/article/papercut-vulnerability/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-20 | CVE-2023-27350 | Unspecified vulnerability in Papercut NG This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). | 9.8 |