Following recently reported active exploitations of a critical RCE vulnerability in PaperCut servers (CVE-2023-27350), team Axon evaluated potential exploitations’ risk and possible impact.
This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF, enabling an unauthenticated actor to execute malicious code remotely without credentials. PaperCut released a patch in March 2023. Affected installations of PaperCut: - Version 8.0.0 to 19.2.7 - Version 20.0.0 to 20.1.6 - Version 21.0.0 to 21.2.10 - Version 22.0.0 to 22.0.8
Organizations having PaperCut in use in their enterprise network environment are advised to patch the application to the latest released, as also advised by the FBI, CISA and PaperCut security advisories. The team performs threat hunting over Axon customers’ environments to detect activity associated with this attack, and affected customers have been informed.