On April 19, 2023, PaperCut confirmed that print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by threat actors. CVE-2023-27350 could allow unauthenticated threat actors to bypass authentication and execute arbitrary code in the context of SYSTEM on a PaperCut Application Server. Zero Day Initiative responsibly disclosed the vulnerability to PaperCut on Janu… PaperCut released a patch on March 8, 2023. Additional details surrounding this vulnerability will be released by Trend Micro on May 10, 2023.

Over the past week, Arctic Wolf has observed intrusion activity associated with a vulnerable PaperCut Server where the RMM tool Synchro MSP was loaded onto a victim system. We assess with moderate confidence that this intrusion activity is related to the exploitation of CVE-2023-27350. Arctic Wolf has deployed monitoring around indicators of compromise associated with this PaperCut intrusion activity.

We strongly recommend that organizations running the affected products upgrade as soon as possible.

Recommendations For CVE-2023-27350

Recommendation #1: Upgrade PaperCut Application Servers to a Fixed Version

We strongly recommend upgrading PaperCut MF and PaperCut NG to 20.1.7, 21.2.11, 22.0.9 or later to prevent potential exploitation. According to PaperCut, there is no practical workaround to address this vulnerability.

Version 8.0 or later, on all OS platforms. Application and Site servers are impacted; secondary servers (Print Providers) and Direct Print Monitors are not impacted. Versions 20.1.7, 21.2.11 and 22.0.9 and later. No workaround is available for this vulnerability.

Note: Arctic Wolf recommends the following change management best practices for applying upgrades, including testing changes in a testing environment before deploying to production to avoid any operational impact.

Indicators of Compromise (IOCs)

Indicator: Hxxp://upd488.windowservicecemtercom/download/AppPrint.msi
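The version guidance in Recommendation #1 can be applied to a server inventory to decide which hosts need the upgrade. The sketch below is an added example, not code from Arctic Wolf or PaperCut. The hostnames, role labels, the "(Build …)" suffix and the handling of major versions outside 20 to 22 are assumptions.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}
FIRST_AFFECTED = (8, 0, 0)  # "Version 8.0 or later"


def parse_version(text):
    """Return (major, minor, patch) from '21.2.10' or '22.0.9 (Build 12345)'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def triage(version_text, role="application"):
    """Classify a server: 'not-impacted', 'not-affected', 'fixed' or 'vulnerable'."""
    # Secondary servers (Print Providers) and Direct Print Monitors are not impacted.
    if role not in ("application", "site"):
        return "not-impacted"
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return "not-affected"
    fixed = FIXED.get(v[0])
    if fixed is None:
        # Assumption: majors newer than 22 already carry the fix; majors
        # 8-19 have no fixed release listed, so they need an upgrade.
        return "fixed" if v[0] > max(FIXED) else "vulnerable"
    return "fixed" if v >= fixed else "vulnerable"


# Constructed inventory: (hostname, role, reported version)
INVENTORY = [
    ("print-app-01", "application", "21.2.10"),
    ("print-app-02", "application", "22.0.9 (Build 12345)"),
    ("print-site-01", "site", "19.2.7"),
    ("print-prov-01", "secondary", "20.1.4"),
    ("print-old-01", "application", "7.5"),
]


def report(inventory=INVENTORY):
    """Map each hostname to its triage status."""
    return {host: triage(ver, role) for host, role, ver in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:15} {status}")
```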