The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350.
This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials.
PaperCut released a patch in March 2023.
According to FBI observed information, malicious actors exploited CVE-2023-27350 beginning in mid-April 2023 and continuing through the present.
In early May 2023, also according to FBI information, a group self-identifying as the Bl00dy Ransomware Gang attempted to exploit vulnerable PaperCut servers against the Education Facilities Subsector.
SkyWatchSM Alert Legend
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
Disclosure is Not Limited.
Limited Disclosure, Restricted Only to the Community.
Limited Disclosure, restricted to the Participant's Organization.
Not for Disclosure, Restricted/ Classified - Only Shared with US DHS.