Multiple critical vulnerabilities in PaperCut MF/NG, including CVE-2023-27351 (CVSS 7.5), allow remote attackers to bypass security restrictions and execute arbitrary code. These actively exploited vulnerabilities affect PaperCut MF/NG versions 15.0.0 through 20.1.6, 21.0.0 through 21.2.10, and 22.0.0 through 22.0.8. Patches are available in versions 20.1.7, 21.2.11, and 22.0.9, which must be applied immediately.
Multiple vulnerabilities were identified in PaperCut. A remote attacker could exploit these vulnerabilities to trigger security restriction bypass and remote code execution on the targeted system. Note: CVE-2023-27351 is being exploited in the wild. A remote attacker could leverage this... Impact Security Restriction Bypass Remote Code Execution System / Technologies affected CVE-2023–27350 PaperCut MF or NG version 8.0 or later (excluding patched versions). This includes: version 8.0.0 to 19.2.7 (inclusive) version 20.0.0 to 20.1.6 (inclusive) version 21.0.0 to 21.2.10 (inclusive) version 22.0.0 to 22.0.8 (inclusive) CVE-2023–27351 PaperCut MF or NG version 15.0 or later (excluding patched versions). This includes: version 15.0.0 to 19.2.7 (inclusive) version 20.0.0 to 20.1.6 (inclusive) version 21.0.0 to 21.2.10 (inclusive) version 22.0.0 to 22.0.8 (inclusive) Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: PaperCut NG/MF version 20.1.7 PaperCut NG/MF version 21.2.11 PaperCut NG/MF versions 22.0.9 and later versions