"PaperCut Fixes Bug That Can Lead To RCE"
Researchers at Horizon3.ai have published information about CVE-2023-39143, two vulnerabilities in PaperCut application servers that unauthenticated attackers could exploit to execute code remotely. It is not a "one-shot" Remote Code Execution (RCE) bug, unlike the PaperCut vulnerability, tracked as CVE-2023-27350, recently exploited by Clop and LockBit ransomware affiliates. Researchers noted that CVE-2023-39143 is more difficult to exploit because multiple vulnerabilities must be chained together to compromise a server. PaperCut NG and MF are popular print management server software solutions. PaperCut NG and MF versions released before v22.1.3 contain the path traversal vulnerabilities (CVE-2023-39143) that could be exploited to read, delete, and upload arbitrary files to a vulnerable application server. This article continues to discuss the bug fixed by PaperCut.
Help Net Security reports "PaperCut Fixes Bug That Can Lead To RCE"