Multiple Vulnerabilities in PaperCut MF/NG Servers

PaperCut has released a security update to address three high severity vulnerabilities in PaperCut MF/NG Servers.

Threat ID:: CC-4364
Threat Severity:: Medium
Published:: 2 August 2023 6:11 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

PaperCut has released a security update to address three high severity vulnerabilities in PaperCut MF/NG Servers.

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 22.1.3

PaperCut MF/NG Application Servers and Site Servers

Threat details

Introduction

PaperCut has released a security update to address three high severity vulnerabilities in PaperCut MF/NG Application Servers and Site Servers.

The vulnerability designated CVE-2023-3486 could allow an unauthenticated, remote attacker with direct server IP access to upload arbitrary files into a target directory. This could be used to fill up the server’s hard disk and prevent the PaperCut server from operating as expected.

A second vulnerability designated CVE-2023-39143 with a CVSSv3 score of 8.4 could be potentially leveraged to read and write arbitrary files. Direct server IP access is required.

The third vulnerability, which is designated CVE-2022-21724, could allow a user who already has administrator access to a PaperCut server to gain further privileges.

Past exploitation of Papercut vulnerabilities

Although there has been no confirmation that these vulnerabilities are currently being exploited in the wild, exploitation of previous vulnerabilities has resulted in the issuing of high severity alerts (HSAs).

Remediation advice

Affected organisations are encouraged to review the PaperCut NG/MF Security Bulletin and apply the relevant security updates.

Definitive source of threat updates

https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/

CVE Vulnerabilities

Status Published

CVE-2023-3486

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.

Status Published

CVE-2023-39143

PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.

Status Published

CVE-2022-21724

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.

Last edited: 29 August 2023 3:34 pm