PoC exploit for abused PaperCut flaw is now public (CVE-2023-27350)

25 April 2023

An unauthenticated RCE flaw (CVE-2023-27350) in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application servers, and now there’s a public PoC exploit. About the vulnerability According to PaperCut, the attacks seem to have started on April 14, 2023 – a month and a week after the software maker released new PaperCut MF and NG versions that fixed CVE-2023-27350 and CVE-2023–27351, an unauthenticated information disclosure flaw that could allow attackers to access sensitive user information (usernames, email addresses, office/department information, and card numbers) without authentication.

Read full article on Help Net Security

Date:

25 April 2023

Categorie(s):

NEWS

Tag(s):

IT, News, PoC, Trend Micro

Triangulation fraud: The costly scam hitting online retailers30 April 2024
Tracecat: Open-source SOAR30 April 2024
Why the automotive sector is a target for email-based cyber attacks30 April 2024
Passwords under seven characters can be easily cracked30 April 2024
Security analysts believe more than half of tasks could be automated30 April 2024