Admin user “admin” modified the print script on the printer.User “admin” logs into the administration interface.If you see suspicious PaperCut MF application log entries, ie: If you see suspicious activity or security alerts in Antivirus, anti-malware and endpoint security software tooling. Depending on your systems, logging and endpoint protection software you may be able to detect the following. We currently recommend looking for the following Indicators of Compromise (IOCs) to determine if it is likely that the vulnerability has been used to install malware on the system. Q How do I know if my server has been exploited? Even though the Site Server is not impacted by this vulnerability, you will need to upgrade them to match the version number of the Application Server. We recommend that you upgrade all Application Servers and Site Servers (see Upgrade documentation). You will not need to patch Secondary Servers (Print Providers / Direct Print Monitors) - but you can if you prefer. We recommend that you upgrade all Application Servers and Site Servers (see Upgrade documentation) PaperCut MF/NG Direct Print Monitors (Print Providers). PaperCut MF/NG secondary servers (Print Providers). Which PaperCut components or products are NOT impacted? Which PaperCut MF or NG components are impacted? What versions are not impacted / which versions are FIXED? PaperCut MF or NG version 15.0 or later (excluding patched versions), on all OS platforms. PaperCut MF or NG version 8.0 or later (excluding patched versions) on all OS platforms. What versions are impacted / which versions are VULNERABLE? Which PaperCut products are impacted, and what are the actions required? This vulnerability has been rated with a CVSS score of 8.2. We do not have any evidence of this vulnerability being used against customers at this point. This could be done remotely and without the need to log in. The attacker can also retrieve the hashed passwords for internal PaperCut-created users only (note that this does not include any password hashes for users sync’d from directory sources such as Microsoft 365 / Google Workspace / Active Directory and others). We have confirmed that under certain circumstances this allows for an unauthenticated attacker to potentially pull information about a user stored within PaperCut MF or NG - including usernames, full names, email addresses, office/department info and any card numbers associated with the user. This vulnerability has been rated with a CVSS score of 9.8. We have confirmed that under certain circumstances this allows for an unauthenticated attacker to get Remote Code Execution (RCE) on a PaperCut Application Server. We highly recommend upgrading to one of these versions containing the fix (see the Where can I get the upgrade? question below). Important: Both of these vulnerabilities have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 and later.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |