PaperCut MF/NG vulnerability CVE-2023–27350/CVE-2023–27351

PaperCut MF and PaperCut NG applications are affected by two recently disclosed vulnerabilities. The most serious of these (CVE-2023–27351) is rated as “Critical” severity with a CVSS score of 9.8/10.

PaperCut have advised “Both of these vulnerabilities have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11 and 22.0.9 and later.”

Additionally PaperCut have advised they have evidence of active exploitation, “We have evidence to suggest that unpatched servers are being exploited in the wild.”

Please see the advisory notice published by PaperCut for further details and required actions:

https://www.papercut.com/kb/Main/PO-1216-and-PO-1219

If you have any concerns regarding this matter, please contact Daisy via our Service Desk team on 0330 024 3333 or our Customer Portal.