![]() PaperCut MF users are advised to follow their regular upgrade process and consult their PaperCut partner or reseller for assistance. Additional links on the -Check for updates- page (accessed through the Admin interface > About > Version info > Check for updates) allow customers to download fixes for previous major versions that are still supported (e.g., 20.1.7 and 21.2.11) as well as the current version available. They can cover the costs with a familiar payment platform like PayPal. Print management software in conjunction with payment gateways ensures users pay for the printing, copying, and scanning services they use. Users can follow their usual upgrade procedure to obtain the upgrade. A simple way to prevent out-of-control print costs in education is to recover said print costs by implementing a print charging system. ![]() The earliest signature of suspicious activity on a customer server potentially linked to this vulnerability dates back to April 14th, 2023, at 01:29 AEST / April 13th, 2023, at 15:29 UTC.Īpplying the security fixes should not have any negative impact. The exploit was first detected in the wild on April 18th, 2023, at 03:30 AEST / April 17th, 2023, at 17:30 UTC. They have been proactively reaching out to potentially exposed customers since Wednesday afternoon (AEST) and are working around the clock through the weekend. The security response team at PaperCut has been working with external security advisors to compile a list of unpatched PaperCut MF/NG servers that have ports open on the public internet. PaperCut and its partner network have activated response teams to assist PaperCut MF and NG customers, with service desks available 24/7 via their support page. The vulnerabilities CVE-2023-27350 and CVE-2023-27351 have CVSS scores of 9.8 (Critical) and 8.2 (High), respectively. Additionally, users can apply “Allow list” restrictions under Options > Advanced > Security > Allowed site server IP addresses, setting this to only allow the IP addresses of verified Site Servers on their network. Users can lock down network access to their server(s) by blocking all inbound traffic from external IPs to the web management port (port 91 by default) and blocking all inbound traffic to the web management portal on the firewall to the server. For users with a currently supported version (version 20 or later), they can upgrade to any maintenance release version they are licensed for.\ If upgrading to a security patch is not possible, there are alternative options to enhance security. Customers using these older versions are advised to purchase an updated license online for PaperCut NG or through their PaperCut Partner for PaperCut MF. PaperCut MF/NG versions 19 and older have reached their end-of-life, as documented on the End of Life Policy page. Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud.The advisory provides information on detecting exploitation attempts and shares known indicators of compromise (IOCs) associated with the group’s activities. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. In early May 2023, a group identifying themselves as the Bl00dy Ransomware Gang targeted vulnerable PaperCut servers within the Education Facilities Subsector. Write-Host "Latest PaperCut release is $CURRENT_RELEASE.The FBI has issued a joint advisory concerning the exploitation of a PaperCut MF/NG vulnerability (CVE-2023-27350) by malicious actors, which began in mid-April 2023 and has been ongoing. $CURRENT_RELEASE = (( Invoke-RestMethod -uri http: // /products /mf /release -history.atom).id ` # Get the latest release from the PaperCut website (parse the XML Atom feed) $HEALTH_API_KEY = ( | Invoke-RestMethod -Method 'Post ' -Uri " $ $API_TOKEN = ( Get-Content -raw ~ /.PAPERCUT_API_TOKEN).trim() # Don't hard code API tokens # Need a web services API token.Get this from your local PaperCut admin
0 Comments
Leave a Reply. |