Two vulnerabilities were reported April 24 for PaperCut’s NG/MF print management products, one of them critical, the other high severity.
Nearly 1,800 internet-exposed servers have reportedly been compromised to facilitate the installation of Atera and Syncro remote management and maintenance software, which was hosted on a domain previously used to host the TrueBot malware. TrueBot has been tied to the Russian threat operation Silence, which is linked to Evil Corp and the TA505 threat cluster, a report from Huntress revealed.
PaperCut recommended that security teams apply patches immediately since there is evidence that the vulnerabilities were exploited in the wild and there are multiple reports of extensive exposure. The critical bug — CVE-2023-27350 — could allow for remote code execution, and the Zero Day Initiative gave the bug a critical rating of 9.8.
The Center for Internet Security reported that depending on the privileges associated with the user, an attacker leveraging the critical bug could install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
For the high-severity bug — CVE-2023-27351 — remote attackers could bypass authentication on affected installations of PaperCut products. The Zero Day Initiative gave it a high severity rating of 8.2.
Both of the vulnerabilities have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 and later.
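To triage an inventory against these fixed versions, the following added example (not code from PaperCut or from this article) classifies reported version strings. It assumes each version is compared against the fixed release in its own major line and that major lines after 22 already carry the fix; the host names and version strings are constructed.

```python
import re

# Fixed releases named in the article, keyed by major release line.
FIXED = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as '21.2.9 (Build 12345)'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version_text):
    """Return 'fixed', 'vulnerable', 'no-fix-listed' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    major = version[0]
    if major > max(FIXED):
        return "fixed"  # assumption: later major lines ship with the fix
    if major not in FIXED:
        return "no-fix-listed"  # the article names no fixed release for this line
    # Integer tuples compare numerically, so 21.2.9 sorts below 21.2.11;
    # a plain string comparison would get this wrong.
    return "fixed" if version >= FIXED[major] else "vulnerable"

def needs_action(inventory):
    """Hosts whose reported version is anything other than 'fixed'."""
    return sorted(h for h, v in inventory.items() if triage(v) != "fixed")

# Constructed inventory: host name -> version string as reported by the server.
INVENTORY = {
    "print01": "22.0.8",
    "print02": "22.0.9",
    "print03": "21.2.9 (Build 12345)",
    "print04": "19.2.7",
    "print05": "23.0.1",
    "print06": "n/a",
}

if __name__ == "__main__":
    for host, ver in sorted(INVENTORY.items()):
        print(f"{host}: {ver} -> {triage(ver)}")
    print("needs action:", needs_action(INVENTORY))
```

Hosts reported as no-fix-listed or unparseable are kept in the action list so they get a manual check rather than being silently passed.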