CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to gain remote code execution in cross-site request forgery (CSRF) attacks.
The software developer says that more than 100 million users use its products across over 70,000 organizations worldwide.
The security flaw (tracked as CVE-2023-2533 and patched in June 2023) can allow an attacker to alter security settings or execute arbitrary code if the target is an admin with a current login session, and successful exploitation typically requires tricking an admin into clicking a maliciously crafted link.
CISA has yet to share details regarding these ongoing attacks, but it has added the vulnerability to its Known Exploited Vulnerabilities Catalog, giving Federal Civilian Executive Branch (FCEB) agencies three weeks to patch their systems by August 18, as mandated by the November 2021 Binding Operational Directive (BOD) 22-01.
While BOD 22-01 targets U.S. federal agencies, the cybersecurity agency encourages all organizations, including those in the private sector, to prioritize patching this actively exploited security bug as soon as possible.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA cautioned on Monday.
Non-profit security organization Shadowserver currently tracks over 1,100 PaperCut MF and NG servers that are exposed online, although not all are vulnerable to CVE-2023-2533 attacks.
PaperCut MF online exposure (Shadowserver)
PaperCut flaws exploited by ransomware gangs
Although CISA has no evidence that CVE-2023-2533 is being targeted in ransomware attacks, PaperCut servers have been previously breached by ransomware gangs in 2023 by exploiting a critical, unauthenticated remote code execution (RCE) vulnerability (CVE-2023-27350) and a high-severity information disclosure flaw (CVE-2023-27351).