The vulnerability found is a Session Variable Overloading vulnerability (aka session puzzling).
#Tcaps web print papercut ng software#
The vulnerability identified in the PaperCut software stems from an access control issue within the SetupCompleted java class in the pcng-server-web jar file. More on PaperCut Vulnerability CVE-2023-27350
The software is used by organizations of all sizes, including schools, universities, government agencies, and businesses. PaperCut can be deployed on-premise or in the cloud and supports a wide range of printers and operating systems. The software can be used to monitor and control printing activity, set printing policies, and generate reports on printing usage and costs. It provides features such as print job tracking, quotas, rules-based printing, and cost accounting. PaperCut is a print management software that helps organizations manage their printing environments. It is recommended that affected systems be patched immediately by updating to one of the following versions: 20.1.7, 21.2.11, or 22.0.9. It affects PaperCut NG and PaperCut MF, and is currently being exploited by threat actors. This vulnerability is a critical remote code execution flaw with a severity score of 9.8.
Today, we will focus on CVE-2023-27350, which was reported by the Zero Day Initiative ( ZDI-23-233 ). On March 8th, PaperCut released new versions that contained security updates and addressed two recently discovered CVEs – CVE-2023-27351 and CVE-2023-27350. In this blog post, we detail PaperCut Vulnerability CVE-2023-27350.
0 kommentar(er)
