"PaperCut Fixes Bug That Can Lead To RCE"

Researchers at Horizon3.ai have published information about CVE-2023-39143, two vulnerabilities in PaperCut application servers that unauthenticated attackers could exploit to execute code remotely. It is not a "one-shot" Remote Code Execution (RCE) bug, unlike the PaperCut vulnerability, tracked as CVE-2023-27350, recently exploited by Clop and LockBit ransomware affiliates. Researchers noted that CVE-2023-39143 is more difficult to exploit because multiple vulnerabilities must be chained together to compromise a server. PaperCut NG and MF are popular print management server software solutions. PaperCut NG and MF versions released before v22.1.3 contain the path traversal vulnerabilities (CVE-2023-39143) that could be exploited to read, delete, and upload arbitrary files to a vulnerable application server. This article continues to discuss the bug fixed by PaperCut.

Help Net Security reports "PaperCut Fixes Bug That Can Lead To RCE"

Submitted by Anonymous on Mon, 08/07/2023 - 08:17