DETECTION OVERVIEW
Risk Factors
This vulnerability is well known, affects most versions of PaperCut, and has been exploited in ransomware campaigns. Public exploit code and attack tools are available. A successful exploit enables an attacker to gain administrative access to the PaperCut server and launch additional attacks.
The system might change the risk score for this detection.
Risk Score
87
PaperCut provides multi-platform print management software. PaperCut NG manages printing. PaperCut MF manages printing in addition to scanning, copying, and faxing.

After installing and configuring PaperCut MF/NG for the first time, users are taken to a SetupCompleted page. However, this page contains improper access controls that enable an attacker to exploit an authentication bypass vulnerability in PaperCut MF/NG. The attacker sends a malicious HTTP request with a query for the SetupCompleted page. The PaperCut server allows the attacker to log into a Dashboard from the SetupCompleted page and sends the attacker an HTTP response with a 200 status code. After bypassing authentication, the attacker can manipulate built-in PaperCut scripting functionality to run malicious JavaScript code on the print management server.
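The request/response pattern described above can be hunted for in web or proxy access logs. The following is an added example, not part of the original detection or of PaperCut: it assumes Common Log Format lines, a hypothetical allowlist of admin hosts that performed the first-time setup, and constructed sample lines whose request path and parameter are placeholders, since only the page name is given here.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
PAGE_NAME = "setupcompleted"  # page name from the description above


def find_setup_page_hits(lines, trusted_clients=frozenset()):
    """Return {client: [(timestamp, target), ...]} for 200 responses to
    requests that name the SetupCompleted page from non-trusted clients."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # not an access-log line this parser understands
        # Decode percent-encoding so an encoded page name is still matched.
        target = unquote(m["target"])
        if PAGE_NAME not in target.lower():
            continue
        if m["status"] != "200":
            continue  # page was not served (blocked, redirected, ...)
        if m["client"] in trusted_clients:
            continue  # assumption: admin host that ran first-time setup
        hits[m["client"]].append((m["ts"], target))
    return dict(hits)


# Constructed sample lines; /EXAMPLE-PATH and ?page= are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:09:00:01 +0000] "GET /EXAMPLE-PATH?page=SetupCompleted HTTP/1.1" 200 5120',
    '203.0.113.7 - - [02/Mar/2024:03:14:15 +0000] "GET /EXAMPLE-PATH?page=SetupCompleted HTTP/1.1" 200 5120',
    '203.0.113.7 - - [02/Mar/2024:03:14:16 +0000] "GET /EXAMPLE-PATH?page=Dashboard HTTP/1.1" 200 9000',
    '198.51.100.9 - - [02/Mar/2024:04:00:00 +0000] "GET /EXAMPLE-PATH?page=Setup%43ompleted HTTP/1.1" 403 312',
    'not an access log line',
]

if __name__ == "__main__":
    found = find_setup_page_hits(SAMPLE_LOG, trusted_clients={"10.0.0.5"})
    for client, events in found.items():
        for ts, target in events:
            print(f"ALERT client={client} time={ts} target={target}")
```

A hit from a client outside the setup allowlist, long after installation, is the case worth triaging first.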