Researchers have discovered a new high-severity security flaw in PaperCut print management software for Windows that could result in remote code execution under specific circumstances.
The vulnerability tracked as CVE-2023-39143 with a CVSS score: 8.4 impacts PaperCut NG/MF prior to version 22.1.3. It has been described as a combination of a path traversal and file upload vulnerability.
The file upload leading to remote code execution is possible when the external device integration setting is enabled, which is on by default in some installations of PaperCut.
Earlier this year, another remote code execution vulnerability in the same product (CVE-2023-27350) and an information disclosure flaw (CVE-2023–27351) came under widespread exploitation in the wild to deliver Cobalt Strike and ransomware Iranian nation-state actors were also spotted abusing the bugs to obtain initial access to target networks.
When compared with CVE-2023-27350, CVE-2023-39143 that does not require attackers to have any prior privileges to exploit, and no user interaction is required. CVE-2023-39143 is more complex to exploit, involving multiple issues that must be chained together to compromise a server.
Also patched flaw tracked as CVE-2023-3486 with a CVSS score of 7.4, an unauthenticated attacker with direct server IP access to upload arbitrary files into a target leading to a potential denial-of-service.