Important: Both of these vulnerabilities have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11, and 22.0.9 and later. We highly recommend upgrading to one of these versions containing the fix (see the Where can I get the upgrade? question below).

We have confirmed that under certain circumstances this allows for an unauthenticated attacker to get Remote Code Execution (RCE) on a PaperCut Application Server. This vulnerability has been rated with a CVSS score of 9.8.

We have confirmed that under certain circumstances this allows for an unauthenticated attacker to potentially pull information about a user stored within PaperCut MF or NG - including usernames, full names, email addresses, office/department info and any card numbers associated with the user. The attacker can also retrieve the hashed passwords for internal PaperCut-created users only (note that this does not include any password hashes for users sync’d from directory sources such as Microsoft 365 / Google Workspace / Active Directory and others). This could be done remotely and without the need to log in. We do not have any evidence of this vulnerability being used against customers at this point. This vulnerability has been rated with a CVSS score of 8.2.

Which PaperCut products are impacted, and what are the actions required?

What versions are impacted / which versions are VULNERABLE?

PaperCut MF or NG version 8.0 or later (excluding patched versions) on all OS platforms.

PaperCut MF or NG version 15.0 or later (excluding patched versions), on all OS platforms.

What versions are not impacted / which versions are FIXED?

Which PaperCut MF or NG components are impacted?

Which PaperCut components or products are NOT impacted?

PaperCut MF/NG secondary servers (Print Providers).

PaperCut MF/NG Direct Print Monitors (Print Providers).

We recommend that you upgrade all Application Servers and Site Servers (see Upgrade documentation).
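To check a server inventory against the fixed releases and vulnerable ranges stated in this advisory, the following is an added example, not code from PaperCut or from the original page. It assumes a build counts as fixed only when it is at or above the fixed release of its own major version (or is newer than 22.x); the hostnames and installed versions are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by major version.
# Assumption: a build is fixed if it is at or above the fixed release of its
# own major version, or belongs to a major version newer than 22.
FIXED = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}
# Lower bounds of the two vulnerable ranges the advisory lists.
RANGE_FLOORS = [(8, 0, 0), (15, 0, 0)]

def parse_version(text):
    """Return (major, minor, patch); a missing patch is 0, trailing text is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_fixed(version):
    major = version[0]
    if major > max(FIXED):
        return True  # covered by "and later"
    fix = FIXED.get(major)
    # Compare within the same major version only: 21.2.10 is newer than
    # 20.1.7 but still predates the 21.x fix.
    return fix is not None and version >= fix

def triage(text):
    """Classify one version string as fixed, vulnerable (with ranges), or unlisted."""
    version = parse_version(text)
    if is_fixed(version):
        return "fixed"
    hits = [f"{lo[0]}.{lo[1]}+" for lo in RANGE_FLOORS if version >= lo]
    return "vulnerable:" + ",".join(hits) if hits else "outside-listed-ranges"

# Constructed inventory (hostnames and versions are made up for illustration).
INVENTORY = {
    "print-app-01": "21.2.10",
    "print-app-02": "22.0.9",
    "print-site-01": "20.1.6",
    "print-legacy": "14.3",
    "print-new": "23.0.1",
}

def report(inventory):
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Versions older than 20.x have no fixed release listed in the advisory, so the script reports them as vulnerable rather than guessing at a backport.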