AdvisoriesCISAAA23-131AMay 11, 2023
May 11, 2023
This joint cybersecurity advisory by the FBI and CISA addresses the active exploitation of CVE-2023-27350, a vulnerability found in specific versions of PaperCut NG and PaperCut MF software. The vulnerability allows unauthorized actors to remotely execute malicious code without credentials. PaperCut released a patch for this vulnerability in March 2023. The FBI has received information indicating that malicious actors have been exploiting CVE-2023-27350 since mid-April 2023, with ongoing attacks. In May 2023, the Bl00dy Ransomware Gang attempted to exploit vulnerable PaperCut servers in the Education Facilities Subsector. The advisory provides methods for detecting exploitation of CVE-2023-27350 and indicators of compromise associated with the Bl00dy Ransomware Gang.
May 11, 2023
CVE-2023-27350 is a vulnerability found in two specific versions of a specific software product (PaperCut). As such, this vulnerability is likely relevant to only a small subset of devices in any particular environment. Furthermore, now that it is well known, many defensive tools (such as EDR) will defend against the exploit even if the vulnerability exists. Because this vulnerability is especially impactful, it is advised to remediate it as soon as possible. Remediation entails locating vulnerable devices and upgrading their software.
Be immediately notified of new advisories and associated security tests
AdvisoryCISAAA24-207AJuly 25, 2024
