Governance & Risk Management , Patch Management

Critical Bugs Found in PaperCut Allow RCE

Vulnerability Could Allow Attackers to Read, Delete or Upload Arbitrary Files
Critical Bugs Found in PaperCut Allow RCE

A recently identified security vulnerability in PaperCut print management software holds the potential for high-severity outcomes and could let unauthorized hackers run code remotely.

See Also: Finding and Managing the Risk in your IT Estate: A Comprehensive Overview

The flaw, tracked as CVE-2023-39143, is a path traversal or file upload remote code execution vulnerability that involves the manipulation of file paths within the software's code.

Naveen Sunkavally of in a security advisory said this vulnerability could allow an attacker to navigate outside the intended directory structure and access, delete or upload arbitrary files on the application server.

The software is used in a wide array of environments ranging from universities with large printer fleets supporting over 100,000 users to smaller organizations that track printing for fewer than 50 users on three or four printers, according to the company website.

PaperCut released PaperCut NG/MF version 22.1.3 and urged users to upgrade directly to this release from any previous version of PaperCut NG/MF. The flaw affects PaperCut NG and MF print management software running on Windows prior to version 22.1.3.

According to the cybersecurity company, the scenario in which an uploaded file could lead to remote code execution becomes feasible when the default-enabled external device integration setting is active. This default setting is turned on in certain installations of PaperCut.

"We estimate that the vast majority of PaperCut installations are running on Windows with the external device integration setting turned on," Sunkavally said.

Ransomware hackers previously targeted PaperCut installations with administrator access and used them to gain further privileges. In April, an affiliate of the Russian-speaking Clop ransomware-as-a-service gang and the LockBit cybercrime group each actively exploited vulnerabilities in PaperCut (see: Ransomware Hackers Exploit PaperCut Bugs).

About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.