PaperCut Warns of Exploited Critical Vulnerability in Print Management Solutions

PaperCut, a provider of print management solutions, has issued a warning to organizations regarding the active exploitation of a critical-severity vulnerability that was recently patched. PaperCut offers a print management system known as PaperCut MF/NG, which allows organizations to monitor and control their printing activities. The vulnerability, tracked as CVE-2023-27350 with a CVSS score of 9.8, involves an improper access control issue in the SetupCompleted class of PaperCut MF/NG. Exploiting this vulnerability successfully allows a remote and unauthenticated attacker to bypass authentication and execute arbitrary code with System privileges. According to PaperCut's advisory, it has been confirmed that this security flaw enables an unauthenticated attacker to achieve remote code execution (RCE) on a PaperCut Application Server, without the need for login credentials. The vulnerability affects PaperCut MF and NG versions 8.0 and later. In March 2023, the company released patched versions (PaperCut MF and PaperCut NG 20.1.7, 21.2.11, and 22.0.9) to address the issue. PaperCut advises organizations to review server access logs and conduct malware scans to detect any signs of suspicious activity resulting from the exploitation of this vulnerability. If a server is suspected to be compromised, the company suggests taking server backups, wiping the Application Server, and rebuilding from a previous "safe" backup point prior to the detection of any suspicious behavior.