EDT: We updated the entry to include information on the discovery of LockBit as the malicious payload and add Trend Micro Cloud One™ solutions.

EDT where we added details on an observed instance through Trend Micro Managed XDR where we believe the vulnerabilities detailed in this blog were abused by threat actors. We also added Trend Micro Deep Discovery Inspector rules which can help protect against potential exploitation of the vulnerabilities discussed.

Trend Micro’s Zero Day Initiative (ZDI) discovered two vulnerabilities, CVE-2023-27350 and CVE-2023-27351, in PaperCut, a print management software solution that is used by over 100 million users globally. Evidence was found that one of these two vulnerabilities, CVE-2023-27350, is being actively exploited by malicious actors for remote code execution (RCE). This blog entry provides an overview of the vulnerabilities and includes information that IT and SOC professionals need to know.

CVE-2023-27350, which affects PaperCut MF and NG products, was found to have been exploited in the wild (ITW) in the middle of April. This vulnerability is also identified as ZDI-23-233. The critical-rated CVE-2023-27350 has a vulnerability severity score of 9.8. It can be abused by an unauthenticated attacker to perform RCE on an unpatched PaperCut Application Server.

On April 18, 2023, a PaperCut customer reported suspicious activity, which suggested that unpatched servers are being exploited through CVE-2023-27350. Based on PaperCut's investigation, the earliest suspicious activity that's possibly related to CVE-2023-27350 dates back to April 14, 2023.

Trend Micro Managed XDR observed an instance wherein this vulnerability is believed to have been abused by malicious actors. Upon the successful exploitation of the vulnerability, pc-app.exe (PaperCut NG/MF) can be used for RCE. In this case, the malicious actors chose to run a PowerShell script via the exploited app. This PowerShell script downloaded and ran a malicious payload, and used netsh.exe to circumvent the firewall. The malicious actors used a temporary hosting site for the malicious payload, one that conveniently deletes all uploaded files after 60 minutes.

Our analysis indicates that the malicious payload enc.exe is the LockBit ransomware (detected by Trend Micro as ), based on the binary found in the user Downloads folder that the malicious actor created. LockBit, which is the most prevalent ransomware family according to our Q4 2022 Ransomware Report, continues to dominate as the most active ransomware-as-a-service (RaaS) provider. Considering the previous intrusions that the malicious actors behind LockBit have deployed, we will continue to observe this active threat as it targets more potential victims with possibly even more payloads.

What can organizations do to prevent and mitigate the risks associated with CVE-2023-27350 and CVE-2023-27351?

Both these vulnerabilities have been fixed in PaperCut MF and NG versions 20.1.7, 21.2.11, and 22.0.9. Organizations can find instructions on how to update their PaperCut versions via PaperCut’s vulnerability bulletin.

Because the original submission of these vulnerabilities was done through Trend Micro’s Zero Day Initiative, Trend Micro has also released rules and filters that can help provide protection against the potential exploitation of these vulnerabilities.

Trend Micro Cloud One - Network Security & TippingPoint Protection Filters
42626: HTTP: PaperCut NG SetupCompleted Authentication Bypass Vulnerability (ZDI-23-233)
42258: HTTP: PaperCut NG SecurityRequestFilter Authentication Bypass Vulnerability (ZDI-23-232)

Trend Micro Cloud One - Workload Security & Deep Security IPS Rules
1011731 - PaperCut NG Authentication Bypass Vulnerability (CVE-2023-27350)
1011732 - PaperCut NG Authentication Bypass Vulnerability (CVE-2023-27351)

Rule 4835: CVE-2023-27350 - PaperCut MF/NG Authentication Bypass Exploit - HTTP (REQUEST)
Rule 4836: CVE-2023-27351 - PaperCut MF/NG Authentication Bypass Exploit - HTTP (REQUEST)

Trend Micro is monitoring this ongoing campaign and will be updating this blog entry as more information becomes available.

For more information, check out Integrating PaperCut. The integration can automatically add new customers to PaperCut and charges them based on their printing using credits, pay-per-print or a combination of both. You can also choose to let your customers print for free.

FAQ

Can I use this integration with PaperCut Hive?
No, our integration currently works with PaperCut MF and PaperCut NG.

Can I use any printer with this integration?
You can use any printer that PaperCut supports with our integration.