Security advisories — Apr 25, 2023

PaperCut Vulnerability PoC Released


THE THREAT

Two security issues, one critical and one high severity, have been discovered in PaperCut MF/NG. There is evidence that unpatched servers are being exploited in the wild. The vulnerabilities have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 and later. Upgrading to one of these versions containing the fix is highly recommended.

Vulnerabilities:

  1. ZDI-CAN-18987 / PO-1216 (CVE-2023-27350): Allows an unauthenticated attacker to get Remote Code Execution (RCE) on a PaperCut Application Server. It is rated with a CVSS score of 9.8.
  2. ZDI-CAN-19226 / PO-1219 (CVE-2023-27351): Allows an unauthenticated attacker to potentially pull user information, including usernames, full names, email addresses, office/department info, and any proximity card numbers assigned to the user. It is rated with a CVSS score of 8.2.

Organizations should upgrade all Application Servers and Site Servers, with public-facing servers being the top priority. For more information on how to upgrade and recover from a compromise, refer to the original PaperCut bulletin.

If you cannot upgrade to a fixed version, lock down network access to the server(s) by blocking all inbound traffic from external IPs to the web management ports (9191 and 9192 by default) and applying the other security measures detailed in the bulletin.
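The guidance above boils down to a triage exercise: for every Application Server and Site Server, decide whether its version already contains the fix, and if not, upgrade it (Internet-exposed servers first) or at least block external access to the management ports in the meantime. The following script is an added example, not eSentire's or PaperCut's own code; it encodes the fixed versions from this advisory (20.1.7, 21.2.11, 22.0.9), classifies a constructed sample inventory, and emits the recommended action per unpatched host. The host names, version strings and the `Server` record layout are assumptions made for the example; the assumptions that branches newer than 22.x are fixed and that branches older than 20.x should move to a supported branch are marked in the code.

```python
"""
Added example (not eSentire's or PaperCut's code): triage PaperCut MF/NG
servers against the fixed versions named in the advisory for
CVE-2023-27350 / CVE-2023-27351, and rank unpatched, Internet-exposed
servers first, as the advisory recommends.
"""
from dataclasses import dataclass, field

# Minimum fixed version per major branch, taken from the advisory.
FIXED_VERSIONS = {
    20: (20, 1, 7),
    21: (21, 2, 11),
    22: (22, 0, 9),
}
# Default PaperCut web management ports named in the advisory.
MANAGEMENT_PORTS = (9191, 9192)


@dataclass
class Server:
    host: str
    version: str
    role: str                # "application" or "site"
    internet_exposed: bool   # management ports reachable from external IPs


def parse_version(text):
    """Turn '21.2.10' (optionally followed by a build suffix) into (21, 2, 10)."""
    core = text.strip().split()[0]          # drop e.g. '(Build 12345)'
    nums = []
    for part in core.split(".")[:3]:
        digits = "".join(ch for ch in part if ch.isdigit())
        if not digits:
            raise ValueError(f"unparseable version: {text!r}")
        nums.append(int(digits))
    while len(nums) < 3:                    # pad '22.1' to (22, 1, 0)
        nums.append(0)
    return tuple(nums)


def is_patched(version):
    """True if the version carries the fix for its branch."""
    v = parse_version(version)
    major = v[0]
    if major in FIXED_VERSIONS:
        return v >= FIXED_VERSIONS[major]
    # Assumption: branches newer than 22.x post-date the fix; branches older
    # than 20.x have no fixed release and must be upgraded.
    return major > 22


def triage(servers):
    """Split the inventory into (patched, unpatched); unpatched is ordered so
    that Internet-exposed Application Servers come first."""
    patched = [s for s in servers if is_patched(s.version)]
    unpatched = [s for s in servers if not is_patched(s.version)]
    unpatched.sort(key=lambda s: (not s.internet_exposed,
                                  s.role != "application",
                                  s.host))
    return patched, unpatched


def recommended_action(server):
    """Upgrade target for an unpatched server plus the interim network
    lockdown (block inbound external traffic to the management ports) when
    the server is reachable from the Internet."""
    major = parse_version(server.version)[0]
    fixed = FIXED_VERSIONS.get(major)
    # Assumption: a branch older than 20.x moves to the newest fixed branch.
    target = ".".join(map(str, fixed)) if fixed else "22.0.9"
    return {
        "host": server.host,
        "upgrade_to": target,
        "block_inbound_ports": list(MANAGEMENT_PORTS) if server.internet_exposed else [],
    }


# Constructed sample inventory; host names and versions are placeholders.
SAMPLE_INVENTORY = [
    Server("print-app-01.example", "22.0.8", "application", True),
    Server("print-app-02.example", "22.0.9", "application", True),
    Server("print-site-01.example", "21.2.10 (Build 12345)", "site", False),
    Server("print-app-03.example", "20.1.7", "application", False),
    Server("print-site-02.example", "19.2.4", "site", True),
]

if __name__ == "__main__":
    patched, unpatched = triage(SAMPLE_INVENTORY)
    print(f"{len(patched)} patched, {len(unpatched)} unpatched")
    for s in unpatched:
        print(recommended_action(s))
```

Feeding the script a real inventory export (host, version, role, exposure) gives a prioritized upgrade list, and the `block_inbound_ports` field tells you which hosts need the interim firewall restriction until they are upgraded.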

Additional information

On January 10th, 2023, Trend Micro reported a security vulnerability to PaperCut. In response, PaperCut released fixes for PaperCut MF and NG on March 8th, 2023, while keeping their partners and customers informed through various communication channels. Importantly, they confirmed that these vulnerabilities did not impact Multiverse and Print Logger. Trend Micro shared further technical details on their website on March 14th, 2023.

In early April, PaperCut provided updates about unpatched servers being exploited, and published a blog post on the security issue. PaperCut revised their FAQ section to include alternative options for those unable to upgrade to the security patch. They also added more FAQs to explain their proactive support for customers and shared details about exploit detection. Organizations that have yet to patch should assume a breach. Patches have been available since early March 2023, and impacted organizations must apply these patches promptly to mitigate the risk of further attacks.

On April 19th, Horizon3 released a working Proof of Concept (PoC) on GitHub, substantially reducing the complexity of exploitation. Horizon3 proofs-of-concept have a history of stability and reliability, and of lowering the bar for attacks. Printer services like PaperCut should sit within a trusted perimeter; organizations should nevertheless review their attack surface for misconfigurations and business requirements that expose printers to the Internet. Regular review and audit of network configurations help identify such exposures and ensure a more secure environment.

The eSentire Threat Intelligence team is actively tracking emerging details and incidents and has observed attacks leading to the deployment of cryptocurrency miners in late April.

References:

[1] PaperCut: PO-1216 and PO-1219 security bulletin - https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
[2] Horizon3: PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise
[3] GitHub - horizon3ai/CVE-2023-27350: Proof of Concept Exploit for PaperCut CVE-2023-27350
