Security News > 2023 > May > PaperCut vulnerability abused by several threat actors could impact 70,000 organizations

PaperCut vulnerability abused by several threat actors could impact 70,000 organizations
2023-05-17 20:09

Several ransomware groups and state-sponsored cyberespionage threat actors are exploiting a vulnerability affecting printing software tools PaperCut MF and PaperCut NG to compromise their targets.

The new PaperCut vulnerability, CVE-2023-27350, affects different PaperCut MF and PaperCut NG software, allowing an attacker to bypass authentication and execute arbitrary code with SYSTEM privileges.

While PaperCut does not have evidence of this vulnerability being used in the wild, a tweet from Microsoft mentions the use of the vulnerability without providing more information about it.

Figure A. The threat actor exploited the PaperCut vulnerability through the printing interface of the software to download and execute legitimate remote management and maintenance software to achieve their goal.

Microsoft Threat Intelligence tweeted about recent attacks exploiting the PaperCut vulnerability to deliver Clop ransomware since April 13, 2023.

With more than 70,000 organizations using PaperCut in more than 200 countries, other threat actors became interested in exploiting this vulnerability.


News URL

https://www.techrepublic.com/article/papercut-vulnerability/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-04-20 CVE-2023-27350 Improper Access Control vulnerability in Papercut NG
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914).
network
low complexity
papercut CWE-284
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Papercut 3 0 5 4 4 13