The default PaperCut NG/MF installation stores data in an internal database. The database is Apache Derby - an open source database written by IBM and based on their DB2 Cloudscape Database. The internal database is optimized for embedded use, is very robust, ACID compliant, and scales well. The internal database, however, is not designed for multi-application access. To access the data from an external source, such as a reporting program, consider running PaperCut NG/MF on an external database (RDBMS) designed for multi-user and multi-application user access. Common database solutions include Microsoft SQL For more information see Deployment on an external database (RDBMS).

A Relational database management system (RDBMS) is a program that lets you create, update, and administer a relational database. Most commercial RDBMS's use the Structured Query Language (SQL) to access the database, although SQL was invented after the development of the relational model and is not necessary for its use. Structured Query Language (SQL) is a special-purpose programming language designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).

The PaperCut NG/MF data structure is relatively simple and people with Crystal Reports, MS Access, JasperSoft Studio, or SQL experience should have no problems extracting data or writing custom reports. Report developers should keep in mind:

Access the data only in read-only mode. Modifying data directly underneath the application can cause unpredictable behavior.

Always test any custom reports after an upgrade as the underlying data format might have changed. PaperCut Software developers try to minimize data structure changes but they are expected to occur in major upgrades.

In addition to storing print log information in the database, a real-time, plain text log is also written into the directory:

On April 19, 2023, PaperCut confirmed print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by threat actors. CVE-2023-27350 could allow unauthenticated threat actors to bypass authentication and execute arbitrary code in the context of SYSTEM on a PaperCut Application Server. Zero Day Initiative responsibly disclosed the vulnerability to PaperCut on Janu PaperCut released a patch on March 8, 2023. Additional details surrounding this vulnerability will be released by Trend Micro on May 10, 2023.

Over the past week, Arctic Wolf has observed intrusion activity associated with a vulnerable PaperCut Server where the RMM tool Syncro MSP was loaded onto a victim system. We assess with moderate confidence that this intrusion activity is related to the exploitation of CVE-2023-27350.

Arctic Wolf has deployed monitoring around indicators of compromise associated with this PaperCut intrusion activity. We strongly recommend that organizations running the affected products upgrade as soon as possible.

Recommendations For CVE-2023-27350

Recommendation #1: Upgrade PaperCut Application Servers to a Fixed Version

We strongly recommend upgrading PaperCut MF and PaperCut NG to 20.1.7, 21.2.11, 22.0.9 or later to prevent potential exploitation. According to PaperCut, there is no practical workaround to address this vulnerability.

Affected versions: Version 8.0 or later, on all OS platforms. Application and Site servers are impacted; secondary servers (Print Providers) and Direct Print Monitors are not impacted.

Fixed versions: Versions 20.1.7, 21.2.11 and 22.0.9 and later.

Workaround: No workaround is available for this vulnerability.

Note: Arctic Wolf recommends the following change management best practices for applying upgrades, including testing changes in a testing environment before deploying to production to avoid any operational impact.

Indicators of Compromise (IOCs)

Indicator

Hxxp://upd488.windowservicecemtercom/download/a3.msi
Download URL linked to malicious domain observed in our intrusion.
Cobaltstrike C2, that has a similar domain naming convention and registration pattern to the Domain used to host in PaperCut NG and PaperCut MF.
Note: We have not observed this in our specific intrusion.
URL delivering MSI file that installs AteraAgent
Hxxp://upd488.windowservicecemtercom/download/setup.msi
URL delivering MSI file that installs Syncro MSP RMM tool
Ġ0ec44df6487faf9949cebee179bafe8377ca4417736766932508f94da0f35fe
AppPrint.msi file that installs Syncro MSP RMM tool
Domain delivering MSI file that loads RMM tool.
Hxxp://upd488.windowservicecemtercom/download/AppPrint.msi
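
The affected and fixed versions given for CVE-2023-27350 can be applied to an asset inventory to decide which servers to upgrade first. The following is an added example, not code from Arctic Wolf or PaperCut; the role labels, host names and version strings are constructed, and comparing each server against the fixed release of its own major branch is an assumption about how to read "20.1.7, 21.2.11 and 22.0.9 and later".

```python
import re

# Values taken from the advisory text.
FIRST_AFFECTED = (8, 0)                                    # "Version 8.0 or later"
FIXED = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}  # fixed release per branch
# Roles the advisory lists as not impacted (label spelling is an assumption).
NOT_IMPACTED_ROLES = {"print-provider", "direct-print-monitor"}

def parse_version(text):
    """Return the leading dotted version as a tuple of ints, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(role, version_text):
    """Classify one inventory entry against CVE-2023-27350."""
    if role in NOT_IMPACTED_ROLES:
        return "not-impacted-role"
    v = parse_version(version_text)
    if v is None:
        return "unknown-version"      # review by hand rather than guess
    if v[:2] < FIRST_AFFECTED:
        return "not-affected"
    if v[0] > max(FIXED):
        return "fixed"                # later than the newest fixed branch
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "vulnerable"           # affected branch, no fixed release listed
    # Pad short versions such as "22.0" before comparing.
    return "fixed" if (v + (0, 0))[:3] >= fixed else "vulnerable"

# Constructed inventory rows: (host, role, version string as reported).
INVENTORY = [
    ("print-app-01", "application", "22.0.9 (Build 00000)"),
    ("print-app-02", "application", "21.2.10"),
    ("print-site-01", "site", "19.2.3"),
    ("print-app-03", "application", "20.1.7"),
    ("print-sec-01", "print-provider", "21.0.4"),
    ("print-app-04", "application", "v22"),
]

def report(rows=INVENTORY):
    """Map each host to its triage result."""
    return {host: triage(role, ver) for host, role, ver in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:14} {status}")
```

Entries with an unrecognised role are still evaluated by version, so a mislabelled Application Server is not silently skipped.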