Patch Now: CISA Warns of Actively Exploited PaperCut RCE Bug

Summary
– CISA warns of active exploitation of a high-severity vulnerability (CVE-2023-2533) in PaperCut NG/MF software, enabling remote code execution via CSRF attacks.
– Over 100 million users across 70,000 organizations use PaperCut products, making the vulnerability a widespread risk.
– The flaw requires tricking an admin into clicking a malicious link to alter settings or execute arbitrary code, prompting CISA to mandate patching for federal agencies by August 18.
– Shadowserver reports over 1,100 exposed PaperCut servers online, though not all are vulnerable to CVE-2023-2533.
– Previous PaperCut vulnerabilities (CVE-2023-27350 and CVE-2023-27351) were exploited by ransomware gangs like LockBit and Clop, as well as Iranian state-backed hackers.

Federal agencies and private organizations are being urged to immediately patch a critical vulnerability in PaperCut print management software that hackers are actively exploiting. The flaw, identified as CVE-2023-2533, is a cross-site request forgery (CSRF) issue: an attacker who gets a logged-in administrator to click a malicious link can alter security settings or execute arbitrary code remotely.
PaperCut NG/MF software serves over 100 million users across 70,000 organizations globally, making it a high-value target for cybercriminals. While exploiting this vulnerability requires tricking an admin into clicking a malicious link, successful attacks can lead to full system compromise. The Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to apply patches by August 18.
Though the directive specifically applies to government networks, CISA strongly advises all businesses to prioritize updates, warning that such vulnerabilities are commonly abused by threat actors. Shadowserver, a nonprofit cybersecurity group, reports more than 1,100 PaperCut servers exposed online, though not all are susceptible to this particular exploit.
This isn’t the first time PaperCut servers have been targeted. Earlier this year, ransomware groups like LockBit and Clop exploited separate critical flaws (CVE-2023-27350 and CVE-2023-27351) to infiltrate systems and steal sensitive data. Microsoft also observed Iranian state-linked hackers leveraging these vulnerabilities in coordinated attacks.
CISA previously flagged CVE-2023-27350 as an actively exploited threat, requiring federal agencies to secure their systems by mid-May. Shortly after, the FBI warned that the Bl00dy ransomware group was using the same flaw to breach educational institutions.
Organizations still running unpatched PaperCut versions should treat this as an urgent security priority. Delaying updates increases the risk of unauthorized access, data theft, and potential ransomware infections. Proactive patching remains the most effective defense against these evolving threats.
(Source: Bleeping Computer)





