The flaw, tracked as CVE-2023-27350 (CVSS score 9.8), affects PaperCut MF or NG versions 8.0 or later. It is a critical-severity unauthenticated remote code execution bug that has been used in ransomware campaigns.
The flaw, discovered in March 2023, apparently enabled threat actors to execute code through PaperCut’s built-in scripting interface. Although the flaw was later patched, an update to the advisory released in April warned that it had been actively exploited in attacks.
Since then, a variety of threat actors, including ransomware operators, have exploited the vulnerability, and post-exploitation activity has involved running PowerShell commands to deliver additional payloads.
Researchers soon released PoC exploits for the RCE flaw, and Microsoft later confirmed that the Clop and LockBit ransomware gangs had used it to gain initial access. In response, several security firms have published detection guidelines and indicators of compromise for PaperCut attacks, covering Sysmon, log files, and network signatures.
However, a new attack technique, identified by VulnCheck researchers, can bypass current detections, enabling attackers to exploit CVE-2023-27350 without hindrance. “This report shows t
[…]