Over 100 million users and 70,000 companies around the world are affected by cyber attackers exploiting vulnerabilities (CVE-2023-27350 and CVE-2023-27351) in the popular PaperCut MF/NG print management software. The attackers use Atera remote management software to commandeer servers, which can ultimately lead to ransomware deployment. PaperCut has addressed the vulnerabilities in versions 20.1.7, 21.2.11, and 22.0.9 and encourages users to update their software immediately. The proof-of-concept exploit shared by Horizon3 could increase the likelihood of further attacks. As a result, the Cybersecurity and Infrastructure Security Agency (CISA) has included CVE-2023-27350 in its actively exploited vulnerabilities list and issued a directive for federal agencies to secure their systems by May 12, 2023. If administrators are unable to promptly update their servers, they should consider preventive measures, such as blocking external traffic to the web management port.

Relevant URL: https://www.bleepingcomputer.com/news/security/exploit-released-for-papercut-flaw-abused-to-hijack-servers-patch-now/