Tuesday, July 23, 2024

New PaperCut NG/MF Flaw Let Attackers Execute Code on Unpatched Windows Servers

A Critical vulnerability was discovered in the widely used PaperCut MG/ NF print management software running on Windows prior to version 22.1.3.

As of the July 2023 security bulletin, patches have been released by PaperCut to fix this vulnerability. PaperCut is a widely used print management software that has two different software as, MG and NF.

PaperCut is a printing management and control tool, while NF is a versatile solution that offers printing, copying, scanning, and specialty printing capabilities.

CVE-2023-39143: Chained Path Traversal in Authenticated API

On certain configurations, this vulnerability enables an unauthenticated attacker to potentially read, write and upload arbitrary files resulting in remote code execution.

The CVSS Score for this vulnerability is yet to be confirmed.

Configuration Required Exploitation

As reported, servers running on Windows platforms that have the external device integration setting enabled are vulnerable to this remote code execution through file upload.

This setting is enabled by default on certain PaperCut installations such as PaperCut NG Commercial version or PaperCut MF.


This vulnerability can be detected using the following command, which checks if the server is patched and whether it is running on Windows.

curl -w “%{http_code}” -k –path-as-is “https://<IP>:<port>/custom-report-example/..\..\..\deployment\sharp\icons\home-app.png”

A 200 response to this command indicates that the server is not patched and vulnerable, and a 404 response states that the server is patched and not vulnerable.

Users of these products are recommended to upgrade to the latest version of PaperCut NG/MF, version 22.1.3. As a workaround, users can also configure an allowlist of IP addresses that are permitted to connect with the PaperCut server.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.


Latest articles

Beware Of Dating Apps Exposing Your Personal And Location Details To Cyber Criminals

Threat actors often attack dating apps to steal personal data, including sensitive data and...

Hackers Abusing Google Cloud For Phishing

Threat actors often attack cloud services for several illicit purposes. Google Cloud is targeted...

Two Russian Nationals Charged for Cyber Attacks against U.S. Critical Infrastructure

The United States has designated Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two members...

Threat Actors Taking Advantage of CrowdStrike BSOD Bug to Deliver Malware

Threat actors have been found exploiting a recently discovered bug in CrowdStrike's software that...

NCA Shut’s Down the Most Popular “digitalstress” DDoS-for-hire Service

The National Crime Agency (NCA) has successfully infiltrated and dismantled one of the most...

Play Ransomware’s Linux Variant Attacking VMware ESXi Servers

A new Linux variant of Play ransomware targets VMware ESXi environments, which encrypts virtual...

SonicOS IPSec VPN Vulnerability Let Attackers Cause Dos Condition

SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN....
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles