A new vulnerability, CVE-2023-27350, has been discovered which affects PaperCut MF and NG print management software. Successful exploitation of the vulnerability would allow attackers to access sensitive user information (usernames, email addresses, office/department information, and card numbers) without authentication. A proof of concept (PoC) has been published for this threat, and nation state-sponsored attackers have been observed exploiting the vulnerability. Barracuda recommends updating the application to its latest version immediately in order to patch this vulnerability.
What is the threat?
The vulnerability exists in the PaperCut client due to improper access control and can result in an authentication bypass and remote code execution on vulnerable installations. An attacker could exploit this vulnerability by sending a specially crafted message containing malicious code to a victim’s device. Once the victim clicks on the message, the code will execute and give the attacker complete control over the victim’s device. The attacker could then use the device to steal data, spread malware, or carry out further attacks.
Why is it noteworthy?
The widely used PaperCut MF and NG print management software is being actively exploited by attackers, including nation-state threat actors, to take over vulnerable application servers, and now there’s a PoC publicly available for the exploit. This vulnerability has been assigned a CVSS score of 9.8, meaning it is classified as critical.
What is the exposure or risk?
The vulnerability affects PaperCut MF and NG print management software versions prior to 2.2126.14 and allows attackers to achieve persistent remote access and code execution capabilities. An attacker could exploit this vulnerability to gain control over a victim’s device, steal sensitive data, or spread malware. As PaperCut is used by many organizations, an attack could have severe consequences for businesses, including data breaches, loss of sensitive information, and reputational damage.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of an attack:
- Upgrade to the latest versions of the desktop client: 20.1.7, 21.2.11 or 22.0.9.
- Deploy Barracuda XDR to detect exploitation attempts and related attack indicators associated with this threat.
- Implement a multi-layered security approach, including endpoint protection, firewalls, and intrusion detection and prevention systems, to help prevent attacks.
- Make sure employees are educated in safe internet practices.
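To act on the upgrade recommendation across many hosts, the following added example (not Barracuda's or PaperCut's tooling) triages an inventory of version strings against the fixed releases listed above. It assumes each fixed release applies to its own major branch, that branches newer than 22 already contain the fix, and that older branches need manual review; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed releases as listed in the advisory's recommendations.
# Assumption: each fixed release applies to its own major branch.
FIXED = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}


def parse_version(text):
    """Extract the first dotted numeric version (e.g. '21.2.10') as a tuple."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def triage(version_text):
    """Return 'patched', 'vulnerable' or 'review' for one version string."""
    try:
        ver = parse_version(version_text)
    except ValueError:
        return "review"  # unparseable: a person has to look at this host
    fixed = FIXED.get(ver[0])
    if fixed is None:
        # Assumption: branches newer than every listed one include the fix.
        if ver[0] > max(FIXED):
            return "patched"
        # Older branch with no fixed release listed on this page.
        return "review"
    return "patched" if ver >= fixed else "vulnerable"


def triage_inventory(inventory):
    """Map hostname -> status for a {hostname: version string} inventory."""
    return {host: triage(v) for host, v in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "print01": "PaperCut MF 22.0.8",
    "print02": "21.2.11",
    "print03": "20.1.6 (Build 12345)",
    "print04": "19.2.7",
    "print05": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "review" are either on a branch with no fixed release listed here or returned a version string that could not be parsed.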
References
For more in-depth information, please visit the following links:
Barracuda Solutions for Ransomware | Barracuda Networks
13 Threats e-book | Barracuda Networks
NVD – CVE-2023-27350 (nist.gov)
If you have any questions, please contact our Security Operations Center.
Hi there, PaperCutter Brenda here. Just wanted to offer a quick suggestion: we recommend upgrading to the latest server version. Thank you!