CVE-2023-27350

Vulnerability updated 2 months ago (2024-09-24T18:00:55.959Z)
Download STIX
Preview STIX
CVE-2023-27350 represents a significant software vulnerability in PaperCut MF/NG, identified as an improper access control flaw. This weakness allows attackers to bypass authentication processes, providing them with the ability to execute code with system privileges. The vulnerability was first updated on May 5, 2023, and it has been classified as having high confidence, major signature severity, and low performance impact. It is primarily exploited by attackers targeting servers, both at the perimeter and internally, including those using SSLDecrypt deployment. The exploitation of this vulnerability has been linked to a ransomware group initially identified in May 2022. This group has a history of leveraging zero-day vulnerabilities, including CVE-2023-27350, for ransomware deployment purposes. Notably, they have targeted educational organizations using PaperCut attacks. Furthermore, in Q2 and Q3 of 2023, this and other vulnerabilities found in products like Citrix and MOVEit Transfer software were exploited, compromising networked systems worldwide. FIN7, another cybercriminal group, used DEV-0950 tools to exploit this critical server vulnerability, impacting millions of computers globally. Other severe bugs, such as those impacting IBM's Aspera Faspex file exchange application and VMware's ESXi servers, were also swiftly exploited by these operators to deploy ransomware. These "day-one" vulnerabilities, including CVE-2023-27350, represent a serious threat to enterprise print servers and other networked systems.
Description last updated: 2024-09-24T17:16:15.133Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Papercut
Vulnerability
Ransomware
Exploit
Fbi
Microsoft
CISA
Apt
Remote Code ...
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Clop Malware is associated with CVE-2023-27350. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitinUnspecified
3
The Lockbit Malware is associated with CVE-2023-27350. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit Unspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Bl00dy Threat Actor is associated with CVE-2023-27350. Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant iUnspecified
4
The Lace Tempest Threat Actor is associated with CVE-2023-27350. Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. ThiUnspecified
2
The fin11 Threat Actor is associated with CVE-2023-27350. FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after steUnspecified
2
The Mango Sandstorm Threat Actor is associated with CVE-2023-27350. Mango Sandstorm, also known as MuddyWater or Mercury, is a threat actor group linked to Iran's Ministry of Intelligence and Security (MOIS) by the Israeli government. The group has been identified as being involved in several cyber-attacks, utilizing various tactics to gain initial access to targeteUnspecified
2
The Mint Sandstorm Threat Actor is associated with CVE-2023-27350. Mint Sandstorm, an Advanced Persistent Threat (APT) group linked to Iran's Islamic Revolutionary Guard Corps (IRGC), has been identified as a significant cybersecurity threat. The group has demonstrated its capability to rapidly weaponize N-day vulnerabilities in common enterprise applications and cUnspecified
2
The Phosphorus Threat Actor is associated with CVE-2023-27350. Phosphorus, also known as APT35 or Charming Kitten, is a prominent threat actor linked to the Islamic Revolutionary Guard Corps (IRGC) of Iran. The group is notorious for its cyberespionage activities and has been actively targeting high-profile individuals involved in Middle Eastern affairs at univUnspecified
2
The MERCURY Threat Actor is associated with CVE-2023-27350. Mercury, also known as MuddyWater and Static Kitten, is a threat actor group linked to global espionage activities, with suspected ties to the Iranian Ministry of Intelligence and Security. This group has been noted for its malicious activities, compromising multiple victims that another group, POLOUnspecified
2
The TA505 Threat Actor is associated with CVE-2023-27350. TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. CybersecUnspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The vulnerability CVE-2023-27351 is associated with CVE-2023-27350. Unspecified
3
Source Document References
Information about the CVE-2023-27350 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CISA
6 days ago
InfoSecurity-magazine
2 months ago
Trend Micro
9 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
Fortinet
a year ago