By disabling security sandboxing, the malicious script can gain direct access to the Java runtime and, from there, execute code on the main server. The exploit works by adding malicious entries to one of the template printer scripts that are present by default. PaperCut CVE-2023-27350 proof-of-concept exploitation. Previously Clop used Truebot in in-the-wild attacks that exploited a critical vulnerability in software known as GoAnywhere. Truebot is linked to a threat group known as Silence, which has ties with the ransomware group known as Clop.
#Papercut ng default password install#
Evidence then showed that the threat actor used the remote management software to install malware known as Truebot. Two days after PaperCut revealed the attacks, security firm Huntress reported that it found threat actors exploiting CVE-2023-27350 to install two pieces of remote management software-one known as Atera and the other Syncro-on unpatched servers. A related vulnerability, tracked as CVE-2023–27351 with a severity rating of 8.2, allows unauthenticated attackers to extract usernames, full names, email addresses, and other potentially sensitive data from unpatched servers. It allows an unauthenticated attacker to remotely execute malicious code without needing to log in or provide a password. The vulnerability, tracked as CVE-2023–27350, carries a severity rating of 9.8 out of a possible 10.
Last Wednesday, PaperCut warned that a critical vulnerability it patched in the software in March was under active attack against machines that had yet to install the March update. World map showing locations of PaperCut installations.
0 kommentar(er)
