PaperCut Multiple Vulnerabilities
RISK: High Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in PaperCut. A remote attacker could exploit these vulnerabilities to trigger security restriction bypass and remote code execution on the targeted system.
Note:
CVE-2023-27351 is being exploited in the wild. A remote attacker could leverage this vulnerability to bypass authentication on affected installations via the SecurityRequestFilter class. Hence, the risk level is rated as High Risk.
Impact
- Security Restriction Bypass
- Remote Code Execution
System / Technologies affected
CVE-2023-27350
PaperCut MF or NG version 8.0 or later (excluding patched versions). This includes:
- version 8.0.0 to 19.2.7 (inclusive)
- version 20.0.0 to 20.1.6 (inclusive)
- version 21.0.0 to 21.2.10 (inclusive)
- version 22.0.0 to 22.0.8 (inclusive)
CVE-2023-27351
PaperCut MF or NG version 15.0 or later (excluding patched versions). This includes:
- version 15.0.0 to 19.2.7 (inclusive)
- version 20.0.0 to 20.1.6 (inclusive)
- version 21.0.0 to 21.2.10 (inclusive)
- version 22.0.0 to 22.0.8 (inclusive)
Solutions
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
- PaperCut NG/MF version 20.1.7
- PaperCut NG/MF version 21.2.11
- PaperCut NG/MF version 22.0.9 and later
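To triage an inventory against the ranges above, the following added example (not part of the original advisory or of PaperCut's tooling) maps an installed version string to the CVEs whose listed ranges include it and to the lowest fixed release listed above that version. The host names, the "(Build N)" suffix format and the function names are assumptions made for the example.

```python
import re

# Affected ranges (inclusive), copied from the advisory text above.
SHARED = (((20, 0, 0), (20, 1, 6)), ((21, 0, 0), (21, 2, 10)),
          ((22, 0, 0), (22, 0, 8)))
AFFECTED = {
    "CVE-2023-27350": (((8, 0, 0), (19, 2, 7)),) + SHARED,
    "CVE-2023-27351": (((15, 0, 0), (19, 2, 7)),) + SHARED,
}
# Fixed releases listed under Solutions, in ascending order.
FIXED = [(20, 1, 7), (21, 2, 11), (22, 0, 9)]


def parse_version(text):
    """Return (major, minor, patch) from text such as '21.2.10 (Build 12345)'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def triage(text):
    """Return (CVEs whose listed ranges contain the version, upgrade target).

    An empty result means the version is outside the ranges the advisory
    lists; it is not a statement that the version is safe.
    """
    v = parse_version(text)
    cves = sorted(cve for cve, ranges in AFFECTED.items()
                  if any(lo <= v <= hi for lo, hi in ranges))
    if not cves:
        return [], None
    # Example policy: suggest the lowest listed fixed release above v.
    target = next((f for f in FIXED if f > v), None)
    return cves, ".".join(map(str, target)) if target else None


if __name__ == "__main__":
    # Constructed inventory: host names and build numbers are made up.
    inventory = {
        "print-01": "22.0.8 (Build 12345)",
        "print-02": "14.3.0",
        "print-03": "21.2.11",
    }
    for host, ver in inventory.items():
        cves, fix = triage(ver)
        status = f"{', '.join(cves)} -> upgrade to {fix}" if cves else "not listed"
        print(f"{host}: {ver}: {status}")
```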