Update PaperCut Software to Mitigate Malicious Vulnerability

PaperCut Software Updates

Recently it was discovered that there were two vulnerabilities, CVE-2023-27350 and CVE-2023-27351, in PaperCut, a print management software solution that is used by over 100 million users globally. Evidence was found that one of these two vulnerabilities, CVE-2023-27350, is being actively exploited by malicious actors for remote code execution (RCE). It is imperative to update PaperCut software to mitigate these malicious vulnerabilities. This blog provides information on how to update Papercut.

One of PaperCut’s vulnerabilities, can allow unauthorized attackers to potentially extract user account information, such as usernames, full names, email addresses, office and department information, and payment card numbers, that is stored within a customer’s PaperCut MF and NG servers. This vulnerability is also identified as ZDI-23-232.

The following is the process to perform an update on the PaperCut software.

1.      Send an email out to your users letting them know that PaperCut will be down for 15 minutes.

2.      Check with IT or group handling the servers and see how often they back your servers up, it is recommended to be nightly or more if possible. The PaperCut update procedure says to backup the papercut application folder on the server (\Program Files\Papercut MF folder). If they back it up often, you will not have to do this. There will also need to be a backup on the database below.

Papercut database update procedure –
https://www.papercut.com/kb/Main/Upgrading#application-server-upgrade

3.      Get into the Papercut Console, Login with your Admin credentials, go to the Option Tab.
Go to Backups and select Export Now.

4.      Once this is backed up. Go to About Tab.
Make sure you Record the version that you are on. Then Click on the check updates icon. You’ll want to update to 22.0.10 which is at the bottom of the page.

5.      Once you have downloaded it, you have to run it on the Papercut Server. Run through the application, don’t change anything (NEXT BUTTON ALL THE WAY THROUGH). Once finished, wait 3 minutes and then go into the webpage and make sure everything is working.

For more information on this vulnerability and other information go to PaperCut’s website.

Century Business Products is providing this blog as a courtesy to all customers who may be using PaperCut software in their environments. Software management and updates is normally handled by your business’s internal personnel, IT or your IT Management provider.