[SEO-Updates] SEO Security Bulletin - PaperCut MF/NG Vulnerability Announcement

mpost at library.ohio.gov mpost at library.ohio.gov
Thu Apr 27 12:19:59 EDT 2023 


[A picture containing logo  Description automatically generated]

Greetings SEO Members,

Vulnerability Summary
The PaperCut Print Management software contains a vulnerability (CVE-2023-27350<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27350>) that could allow attackers to remotely execute code with administrative privileges, thus making it possible to deploy the Clop ransomware and encrypt files on the compromised systems.  This vulnerability was discovered in March, 2023 and promptly reported to PaperCut who disclosed the vulnerability along with a patch on April 19th.  PaperCut MF/NG is used by over 70,000 organizations, including some of our libraries.  One of our libraries became aware of this vulnerability as their receipt printer printed the following ransomware statement:
[cid:image003.png at 01D97902.94148AD0]
Recommendation
PaperCut highly recommends ALL organizations upgrading to the fixed versions detailed below IMMEDIATELY.

Affected Versions
PaperCut MF/NG version 22.0.5 (Build 63914) - prior versions may also be affected

Fixed Versions
PaperCut MF/NG versions 20.1.7, 21.2.11, and 22.0.9

References to vendor announcements, solutions, and links provided by SEO
Vendor Advisory: PaperCut MF/NG Vulnerability Bulletin | URGENT & Solution Details<https://www.papercut.com/kb/Main/PO-1216-and-PO-1219>
National Vulnerability Database - CVE-2023-27350<https://nvd.nist.gov/vuln/detail/CVE-2023-27350>
National Vulnerability Database - CVE-2023-27351<https://nvd.nist.gov/vuln/detail/CVE-2023-27351>

SEO Security Awareness Page<https://servingeveryohioan.org/security/>
SEO Ransomware and Cyber Incident Articles<https://support.servingeveryohioan.org/support/solutions/folders/69000644132>

Report Security Vulnerabilities to SEO like these here: Report Security Event<mailto:support at servingeveryohioan.org?subject=Security%20Event%20Notification>

Please let us know if you have any questions regarding this vulnerability.

Best Regards,
Your SEO Team<https://servingeveryohioan.org/meet-our-team/>

[cid:image004.png at 01D97902.94148AD0]
Michael Postlethwait
Application and Integrations Specialist

State Library of Ohio
SEO Service Center
40780 Marietta Rd.
P.O. Box 185
Caldwell, OH 43724

Phone: 1-877-552-4262 x225
Email:mpost at library.ohio.gov<mailto:mpost at library.ohio.gov>
https://servingeveryohioan.org/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/seo-updates/attachments/20230427/6ae42580/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 25419 bytes
Desc: image002.png
URL: <http://lists.oplin.org/pipermail/seo-updates/attachments/20230427/6ae42580/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 56858 bytes
Desc: image003.png
URL: <http://lists.oplin.org/pipermail/seo-updates/attachments/20230427/6ae42580/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 127344 bytes
Desc: image004.png
URL: <http://lists.oplin.org/pipermail/seo-updates/attachments/20230427/6ae42580/attachment-0002.png>

More information about the SEO-Updates mailing list