Papercut MF & NG Active Exploit
Date of Notice: 04/20/2023
Action Level - Critical
Papercut is reporting that two previously reported vulnerabilities, including one with critical severity, are now being exploited by attackers. These vulnerabilities can allow an unauthenticated attacker to perform Remote Code Execution on a Papercut server. As this is being actively exploited, Papercut recommends immediate patching as well as investigation into whether your servers may have been compromised.
- Papercut MF and NG - Application and Site Servers
This exploit can be performed remotely and without authentication.
An exploit currently exists in the wild.
Update to a fixed release (see above)
Vendor Advisory (Includes update info and recommendations on exploit detection)