EDT: We updated the entry to include information on the discovery of LockBit as the malicious payload and add Trend Micro Cloud One™ solutions.

EDT where we added details on an observed instance through Trend Micro Managed XDR where we believe the vulnerabilities detailed in this blog were abused by threat actors. We also added Trend Micro Deep Discovery Inspector rules which can help protect against potential exploitation of the vulnerabilities discussed.

Trend Micro’s Zero Day Initiative (ZDI) discovered two vulnerabilities, CVE-2023-27350 and CVE-2023-27351, in PaperCut, a print management software solution that is used by over 100 million users globally. Evidence was found that one of these two vulnerabilities, CVE-2023-27350, is being actively exploited by malicious actors for remote code execution (RCE). This blog entry provides an overview of the vulnerabilities and includes information that IT and SOC professionals need to know.

CVE-2023-27350, which affects PaperCut MF and NG products, was found to have been exploited in the wild (ITW) in the middle of April. This vulnerability is also identified as ZDI-23-233. The critical-rated CVE-2023-27350 has a vulnerability severity score of 9.8. It can be abused by an unauthenticated attacker to perform RCE on an unpatched PaperCut Application Server. On April 18, 2023, a PaperCut customer reported suspicious activity, which suggested that unpatched servers are being exploited through CVE-2023-27350. Based on PaperCut's investigation, the earliest suspicious activity that's possibly related to CVE-2023-27350 dates back to April 14, 2023.