Skip to the content.

DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass

Our reference DIVD-2023-00020
Case lead Ralph Horn
Author Max van der Horst
Researcher(s)
CVE(s)
Product PaperCut NG and PaperCut MF
Versions 22.0.5 (Build 63914)
Recommendation Upgrade your PaperCut MF/NG version to one of the listed fixed versions.
Status Closed
Last modified 09 Jul 2023 21:41

Summary

PaperCut NG/MF installations of version 22.05 (Build 63914) contain an authentication bypass vulnerability that allow remote attackers to log into the system without authentication. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM on the underlying Operating System. There is evidence that this vulnerability is actively being exploited in the wild.

What you can do

Upgrade your PaperCut NG/MF version to versions 20.1.7, 21.2.11, 22.0.9 or higher to fix this vulnerability. Find steps to upgrade in PaperCuts advisory. Because this vulnerability is likely being actively exploited, upgrading is highly advised.

What we are doing

DIVD is currently scanning for vulnerable PaperCut systems connected to the Internet. Owners of vulnerable systems receive a notification with instructions to update their system.

Timeline

Date Description
20 Apr 2023 DIVD starts researching the vulnerability.
21 Apr 2023 DIVD conducts first scan.
24 Apr 2023 DIVD performs first mailrun.
26 Apr 2023 Lockbit, Clop and Iranian APTs confirmed by Microsoft to exploit in wild.
04 May 2023 Bypass for patch found by VulnCheck, DIVD starts investigation on new fingerprint.
gantt title DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass (20 days) :2023-04-20, 2023-05-10 section Events DIVD starts researching the vulnerability. : milestone, 2023-04-20, 0d DIVD conducts first scan. : milestone, 2023-04-21, 0d DIVD performs first mailrun. : milestone, 2023-04-24, 0d Lockbit, Clop and Iranian APTs confirmed by Microsoft to exploit in wild. : milestone, 2023-04-26, 0d Bypass for patch found by VulnCheck, DIVD starts investigation on new fingerprint. : milestone, 2023-05-04, 0d

More information