New vulnerabilities affecting PaperCut MF & PaperCut NG application and site servers have been detected. We recommend updating PaperCut to the latest version as per the instructions below, where applicable.

Vulnerability NameCVE-2023-27350 improper access control issue
SeverityCritical
CVSS9.8
Affected ProductsPaperCut MF & NG

Current Description:

Successful exploitation of this security defect allows a remote, unauthenticated attacker to bypass authentication and execute arbitrary code with System privileges. The exploits affect PaperCut MF & PaperCut NG application and site servers. Please note that client software on end-user devices is not affected.

Resolution:

Update the software as per the instructions here:

 APRIL 19 UPDATE | PaperCut MF/NG vulnerability bulletin (March 2023) | PaperCut