Security experts warn that vulnerable print management software behind your office printer could be used to hack into the corporate network.
Print management software company PaperCut has published a security advisory citing evidence that threat actors are actively exploiting two vulnerabilities to access vulnerable server endpoints.
The company was alerted to this by cybersecurity experts at Trend Micro in early January 2023, who brought ZDI-CAN-18987 and ZDI-CAN-19226 to its attention. The former is an unauthenticated remote code execution bug found in PaperCut MF or NG version 8.0 and newer, with a severity of 9.8 (Critical), while the latter is an unauthenticated information disclosure bug in PaperCut MF or NG version 15.0 and newer, with a severity of 8.2 (High).
More in May
“As of April 18, 2023, we have had indications of unpatched servers being exploited in the wild (specifically, ZDI-CAN-18987 / PO-1216),” the company said in the advisory. “As a precaution, we can’t reveal too much about these vulnerabilities.” More details should be released on May 10, the company said, to give companies enough time to secure their networks.
However, patches and workarounds are available for both flaws, so users are advised to apply them immediately to minimize potential risks.
System administrators should ensure their software is patched to versions 20.1.7, 21.2.11 (MF) and 22.0.9 (NG).
The second bug can also be mitigated by applying “allow list” restrictions found under Options > Advanced > Security > Allowed site server IP addresses and only allowing verified site server IP addresses to access the network.
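As an added illustration (not code from PaperCut or the original article), the version figures quoted above can be turned into a quick inventory check. It assumes the fixed releases are per-branch minimums for both MF and NG, that branches newer than 22 include the fix, and that branches with no listed fixed release remain exposed; the hostnames and versions in the inventory are constructed.

```python
import re

# Fixed release per major branch and first affected release per issue,
# both taken from the figures quoted in the article.
FIXED = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}
AFFECTED_FROM = {"ZDI-CAN-18987": (8, 0), "ZDI-CAN-19226": (15, 0)}


def parse_version(text):
    """Extract the first dotted version number from a string as an int tuple."""
    m = re.search(r"\d+(?:\.\d+){1,3}", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group().split("."))


def is_patched(version):
    """True if the version is at or above the fixed release for its branch."""
    major = version[0]
    if major > max(FIXED):  # assumption: later branches ship the fix
        return True
    fixed = FIXED.get(major)  # None: no fixed release listed for this branch
    return fixed is not None and version >= fixed


def triage(text):
    """Return the advisory issues an installed version is still exposed to."""
    version = parse_version(text)
    if is_patched(version):
        return []
    return sorted(i for i, first in AFFECTED_FROM.items() if version >= first)


# Constructed inventory (hostnames and versions are made up for illustration).
INVENTORY = {
    "print-01": "22.0.9",
    "print-02": "21.2.10",
    "print-03": "14.3.0",
    "print-04": "19.2.7",
    "print-05": "7.5.0",
}


def report(inventory):  # maps each host to its list of open issues
    return {host: triage(v) for host, v in inventory.items()}


if __name__ == "__main__":
    for host, issues in report(INVENTORY).items():
        print(host, "OK" if not issues else "EXPOSED: " + ", ".join(issues))
```

Hosts on a branch older than 20 are reported as exposed because the article lists no fixed release for those branches, so they need an upgrade to a patched branch rather than a point release.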
Those interested in verifying whether or not their systems have been compromised are out of luck, as PaperCut says it's impossible to determine with absolute certainty that an attacker has breached the network. The developers suggested that IT teams check the PaperCut admin interface under Logs > Application Log for any suspicious activity, including updates from a user called [setup wizard]. Teams can also search for newly created users or changed configuration keys.
Via: BleepingComputer