The US cybersecurity agency CISA on Monday warned that a two-year-old vulnerability in PaperCut’s NG and MF print management products has been exploited in the wild.
The flaw, tracked as CVE-2023-2533, is described as a high-severity cross-site request forgery (CSRF) issue that, under certain conditions, allows attackers to modify security settings or execute arbitrary code remotely.
“This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes,” PaperCut notes in a June 2023 advisory.
It should be noted that, while PaperCut assesses that CVE-2023-2533 has a CVSS score of 7.9, NIST lists it with a CVSS score of 8.8, while Fluid Attacks, which discovered the bug and released proof-of-concept (PoC) code targeting it, assesses that it has a CVSS score of 8.4.
The security defect impacts all PaperCut NG/MF versions prior to 22.1.1, on all platforms, and was addressed in versions 22.1.1, 21.2.12, and 20.1.8. Application servers are affected as well, PaperCut’s advisory reads.
On Monday, CISA added the bug to its Known Exploited Vulnerabilities (KEV) catalog, warning it has been exploited in attacks, but without sharing details on the observed exploitation.
Per Binding Operational Directive (BOD) 22-01, federal agencies have until August 18 to identify vulnerable PaperCut deployments within their environments and apply the available patches.
While BOD 22-01 only applies to federal agencies, all organizations are advised to review CISA’s KEV list and prioritize the patching of security defects relevant to their environments.
Data from The Shadowserver Foundation shows there are roughly 1,000 PaperCut instances accessible from the internet. However, it is unclear how many of them are vulnerable.
PaperCut’s NG/MF print management solutions are used by more than 100 million users across over 70,000 organizations and threat actors previously exploited PaperCut flaws for which patches had been released.
Related: Mitel Patches Critical Flaw in Enterprise Communication Platform
Related: Chinese Spies Target Networking and Virtualization Flaws to Breach Isolated Environments
Related: ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named
Related: Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack
