We find that the JAR that contains this SetupCompleted class is within C:\Program Files\PaperCut NG\server\lib\pcng-server-web-19.2.7.jar.ĭecompiling a JAR can be done several ways, in this case we use CFR. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. The issue results from improper access control. ![]() The specific flaw exists within the SetupCompleted class. Inspecting the ZDI case reveals valuable information within the Vulnerability Details: In this post we’ll walk through the methodology of discovering the vulnerability given the security advisory, look at the root cause, analyze the patch, and develop an exploit proof-of-concept. Subsequent research by Huntress also detailing this vulnerability was released on 21 April 2023 – including exploitation details and additional indicators of compromise. On 19 April 2023, PaperCut became aware of in-the-wild exploitation of the product and published additional details including several indicators of compromise such as log file entries, known malicious domains, and YARA rules to detect observed malicious activity. The ZDI case, ZDI-CAN-18987, details the vulnerability as an authentication bypass which leads to code execution. ![]() PaperCut also details in this advisory that they became aware of it from Zero Day Initiative (ZDI). ![]() The PaperCut security advisory details CVE-2023-27350 as a vulnerability that may allow an attacker to achieve remote code execution to compromise the PaperCut application server. On 8 March 2023, PaperCut released new versions for their enterprise print management software, which included patches for two vulnerabilities: CVE-2023-27350 and CVE-2023-27351.
0 Comments
Leave a Reply. |