杏吧传媒

Search
searchclose icon
HomeBlog
Another PaperCut: CVE-2023-39143 Remote Code Execution
Published:
August 5, 2023

Another PaperCut: CVE-2023-39143 Remote Code Execution

By:
Team 杏吧传媒
Contributors:
Special thanks to our Contributors:
Caleb Stewart
John Hammond
Sharon Martin
David Carter
Adam Rice
Anthony Smith
Glitch effectGlitch effectGlitch effect
Glitch banner

On August 5, 杏吧传媒 was of the recently uncovered vulnerability tracked as . For overall statistics, in our partner base we have over 1,000 vulnerable servers across 812 different companies. We have begun outreach efforts to all of our partners.

Our researchers are currently looking into the vulnerability so we can provide a deeper technical analysis and ideas for potential detection of exploits against the vulnerable versions. We will provide further updates to this blog and our as we gather more information. In the meantime, here are some details to hopefully help you get started with patching and mitigation.

Vulnerable Versions

As of now, any Windows Papercut MF or NG server below version 22.1.3 is affected. Please follow the as soon as possible to mitigate this vulnerability. Note that this patch is only available for servers of version 22 and onwards鈥攑atches are not available for older versions of this software.聽

Mitigation Tactics

If you are unable to patch quickly, the next best mitigation is to ensure the server is not publicly accessible from the internet. This will not prevent lateral movement attacks from within your network, but it鈥檚 better than leaving your server completely open.

This vulnerability can also be mitigated by disabling the external device integration setting. To do this, go to Options -> Advanced -> External Hardware Integration and uncheck 鈥淓nable external hardware integration鈥. Please ensure you review your environment before making this system change as it could limit functionality of Papercut server where you have already integrated external hardware. The preferred mitigation here is to patch ASAP.

What You Should Do

Patch as soon as you can if you have a vulnerable version (see above); otherwise apply some mitigations.聽

As always, if you鈥檇 like to have someone else watching your back while you work on patching and/or mitigation, feel free to spin up a free trial with us so our 24/7 SOC can keep an eye out for you.

Thanks to 杏吧传媒 team members Caleb Stewart, John Hammond, Sharon Martin, David Carter, Adam Rice and Anthony Smith, amongst many others for their contributions to this writeup and rapid response effort.

Categories

See 杏吧传媒 in action

Our platform combines a suite of powerful managed detection and response tools for endpoints and Microsoft 365 identities, science-backed security awareness training, and the expertise of our 24/7 Security Operations Center (SOC).

Share
Glitch effect

You Might Also Like

Sign Up for 杏吧传媒 Updates

Get insider access to 杏吧传媒 tradecraft, killer events, and the freshest blog updates.

By submitting this form, you accept our Terms of Service & Privacy Policy
Oops! Something went wrong while submitting the form.
杏吧传媒 at work