There is currently no foolproof way to determine if your server has been exploited. Although Site Servers are not impacted, they should be upgraded to match the Application Server version. Recommended Action: Upgrade all Application Servers to PaperCut MF/NG versions 20.1.7, 21.2.11, or 22.0.9 and later to address this vulnerability. PaperCut MF/NG Site Servers, PaperCut Hive, PaperCut Pocket, Print Deploy, Mobility Print, and PaperCut User Client software.This vulnerability has been assigned a CVSS score of 8.2, indicating a high level of severity. This vulnerability has not been observed being exploited, but it is still essential to address it. However, password hashes for users synced from directory sources like Microsoft 365, Google Workspace, and Active Directory remain unaffected. Additionally, the attacker may retrieve hashed passwords for internally created PaperCut users. This vulnerability allows an unauthenticated attacker to potentially access sensitive user information stored within PaperCut MF or NG, such as usernames, full names, email addresses, office/department info, and card numbers. Recommended Action: Upgrade all Application Servers and Site Servers to PaperCut MF/NG versions 20.1.7, 21.2.11, or 22.0.9 and later to address this vulnerability. PaperCut Hive, PaperCut Pocket, Print Deploy, Mobility Print, and PaperCut User Client software.PaperCut MF/NG Direct Print Monitors (Print Providers).PaperCut MF/NG secondary servers (Print Providers).PaperCut MF/NG Application Servers and Site Servers. It has been assigned a CVSS (Common Vulnerability Scoring System) score of 9.8, indicating a high level of severity. This vulnerability allows an unauthenticated attacker to remotely execute code on a PaperCut Application Server or Site Server without the need to log in. Are your applications vulnerable to attack? Use these free tools to find out.
0 Comments
Leave a Reply. |