Tagvent 2023

The Third Day Of Tagsmas (2023): Papercut MF/NG Authentication Bypass (CVE-2023-27350)

CVE: CVE-2023-27350 (in CISA KEV)

Vulnerability: Papercut MF/NG Authentication Bypass

Description: This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.

Tags: Papercut MF/NG Authentication Bypass (CVE-2023-27350)

Discovery and Initial Impact

CVE-2023-27350 is a critical vulnerability in PaperCut MF/NG print management software, allowing unauthenticated remote code execution. It has been actively exploited in the wild and poses a significant risk to organizations using the affected software. Defenders should immediately patch their systems and mitigate the risk of exploitation.

The vulnerability was confirmed on April 19, 2023, and was actively exploited by threat actors. The Zero Day Initiative responsibly disclosed the vulnerability to PaperCut on January 10, 2023, and PaperCut released a patch on March 8, 2023. 

Exploitation and Long-Term Impacts

The vulnerability allows unauthenticated threat actors to bypass authentication and execute arbitrary code in the context of SYSTEM on a PaperCut Application Server. Threat actors have exploited it for remote code execution, and it is used in ongoing ransomware attacks.

The long-term impacts of the vulnerability include the potential for continued exploitation by threat actors and the risk of data breaches and system compromise.

Why Defenders Should Still Be Concerned

Defenders should still be concerned about CVE-2023-27350 due to its active exploitation in the wild and the potential for widespread impact. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint alert warning about the ongoing exploitation of the vulnerability and the need for immediate patching.
