PaperCut is software is used by hundreds of millions of users in organizations worldwide to minimize waste and provide a secure and easy printing experience. In the US, State, Local, and Education (SLED) environments are typical users.
But last month, PaperCut issued patches for two vulnerabilities exploited in the wild: CVE-2023-27350 and CVE-2023-27351. Their security advisory notes that CVE-2023-27350 allows remote code execution to compromise the PaperCut application server.
On 19 April 2023, PaperCut published additional details including several indicators of compromise such as log file entries, known malicious domains, and YARA rules to detect observed malicious activity.
Horizon3ai’s Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published “PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise” which analyzes PaperCut’s vulnerability patch, develops an exploit, includes IOCs and Shodan exposure.
Further research from Huntress also detailed this vulnerability on 21 April 2023 – including exploitation details and additional indicators of compromise.
If you use PaperCut, you might want to take a look at the deep dive and related material so that you can take action to keep your environment safe.
Like this:
Like Loading...
Related
This entry was posted on April 24, 2023 at 9:57 am and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Horizon3ai Takes A Deep Dive Into Vulnerabilities With PaperCut Software
PaperCut is software is used by hundreds of millions of users in organizations worldwide to minimize waste and provide a secure and easy printing experience. In the US, State, Local, and Education (SLED) environments are typical users.
But last month, PaperCut issued patches for two vulnerabilities exploited in the wild: CVE-2023-27350 and CVE-2023-27351. Their security advisory notes that CVE-2023-27350 allows remote code execution to compromise the PaperCut application server.
On 19 April 2023, PaperCut published additional details including several indicators of compromise such as log file entries, known malicious domains, and YARA rules to detect observed malicious activity.
Horizon3ai’s Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published “PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise” which analyzes PaperCut’s vulnerability patch, develops an exploit, includes IOCs and Shodan exposure.
Further research from Huntress also detailed this vulnerability on 21 April 2023 – including exploitation details and additional indicators of compromise.
If you use PaperCut, you might want to take a look at the deep dive and related material so that you can take action to keep your environment safe.
Share this:
Like this:
Related
This entry was posted on April 24, 2023 at 9:57 am and is filed under Commentary with tags horizon3.ai. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.