Patch now! Attacks on PaperCut NG/MF observed

Due to current attacks, admins should ensure that they have an up-to-date version of the PaperCut NG/MF printer management software installed. If attacks are successful, attackers can in the worst case push malicious code onto systems and execute it. Security updates have been available for some time.

Older threat still current

The US security authority CISA (Cybersecurity & Infrastructure Security Agency) warns of the attacks in a recent article. The vulnerability (CVE-2023-2533"high") is already two years old; security patches have been available since then. However, these have obviously not been installed across the board, meaning that attackers can still exploit the software vulnerability.

In the course of a cross-site request forgery attack (CSRF), attackers target registered admins on vulnerable PCs in order to carry out actions on behalf of the victims. If an attack succeeds, attackers can bend security settings or even execute their own code and thus compromise systems.

Patch now!

It is currently unknown to what extent and how exactly such attacks are carried out in this case. The software manufacturer's two-year-old security warningstates that the PaperCut NG/MF 22.1.1 version is protected against attacks. According to the developers, they have separated the configurations of certain components from the admin interface. All operating systems for which the printer management software is available are said to be at risk. They state that versions 20.1.8 and 21.2.12 are not affected by the software vulnerability.

Unfortunately, it is not clear from the developers' article how admins can recognize computers that have already been attacked.

(des)