
Security flaw in PaperCut printing software

Implications, comparisons, and mitigations of the recent PaperCut security flaw

Experts have identified a critical security flaw in PaperCut print management software for Windows (CVE-2023-39143), which could lead to remote code execution. This is possible when external device integration is active, a setting that is enabled by default in some installations. In version 22.1.3, PaperCut fixed this and another security flaw it found.


Cybersecurity experts have identified a new high-severity security flaw in PaperCut print management software for Windows, which could lead to remote code execution under specific circumstances. Designated as CVE-2023-39143 (CVSS score: 8.4), the flaw affects PaperCut NG/MF versions prior to 22.1.3. It is a path traversal and file upload issue.

Impact and potential consequences of the breach

“CVE-2023-39143 allows an unauthenticated attacker to read, delete and upload files at will on the PaperCut MF/NG application server, leading to remote code execution in certain configurations,” said Naveen Sunkavally of Horizon3. Remote code execution is possible when the External Device Integration setting is turned on, which is enabled by default in some PaperCut installations.

Comparison of CVE-2023-39143 and CVE-2023-27350

In April, a remote code execution vulnerability in the same product (CVE-2023-27350, CVSS score: 9.8) and an information disclosure flaw (CVE-2023-27351) were heavily exploited to deliver Cobalt Strike and ransomware. Iranian state actors have also abused these vulnerabilities to gain initial access to target networks. “Unlike CVE-2023-27350, CVE-2023-39143 does not require attackers to have previous privileges to exploit the vulnerability and no user interaction is required,” Sunkavally commented.

Mitigation interventions

With version 22.1.3, PaperCut also fixed a security flaw that could allow an unauthenticated attacker with direct access to the server's IP to upload files at will to a target folder, causing a potential denial of service (CVE-2023-3486, CVSS score: 7.4). Tenable is credited with discovering and reporting the issue.


08/05/2023 13:34

Editorial AI
