Computer Security pedagogues have detected a recent more severe security loophole in Papercut, the leading print management software.
Papercut is famous amongst end users as it makes printing an easy task for them, through mobile or BYOD(Bring Your Own Device). As its business line says, it’s a print management software that is helping hundreds of millions of people with easy and affordable printing experience, while minimizing waste around the globe.
This high-severity security flaw is found in the Windows platform. This could result in remote code execution under special circumstances.
The National Vulnerability Database(NVD) has named it CVE-2023-39143.
PaperCut MF and PaperCut NG before version 22.1.3 are vulnerable to track turndown, which makes the hackers read, and upload files to the application server of PaperCut NG/MF and delete random files from remote locations.
Horizon3.ai mentioned that hackers can upload files, which leads to distant code execution. And, this becomes more prominent when the setting for external device integration is enabled. PaperCut found that this setting is on by default in some versions of its application.
In Earlier April this year, PaperCut was found with some severe remote code execution vulnerabilities. This was named CVE-2023-27350, with a CVSS score of 9.8. It was also infected by an information disclosure defect, named CVE-2023-27351. These two were singlehandedly used by the attackers to carry out the Cobalt strike and ransomware attacks. It was also found recently that some Iranian hackers were also attacking the target networks.
CVE-2023-39143 also does not require the threat actors to have the foregoing authorization to attack the systems, and a complete null-user interaction is required, as compared to its ancestor CVE-2023-27350.
When compared to RCE-vulnerability, which was a ‘one-shot’ cyber attack, CVE-2023-39143 is far more multi-formed and involves several issues which must be combined to attack and compromise the server.
It was also found in version 22.1.3 of PaperCut a security- pitfall, that allows the unauthenticated threat actor to directly access the IP address of the server and upload the random files to the destination directory. This would ultimately lead to denial-of-service over that target directory, also called by the flaw CVE-2023-3486, having a CVSS score of 7.4. Tenable, an integrated cloud-based exposure management company first found and reported the issue.
For more such cybersecurity articles visit the website cybermetrics.eu
