CVE-2023-27350

Vulnerability updated 4 months ago (2024-05-04T16:48:56.334Z)
CVE-2023-27350 is a significant vulnerability in PaperCut NG/MF, a popular print management product. The flaw allows attackers to bypass authentication and execute code with system privileges, posing a serious threat to both server and internal deployment systems. It was notably exploited by a ransomware group first identified in May 2022 that is known for targeting education organizations and for using various zero-day vulnerabilities to deploy ransomware. Exploitation of CVE-2023-27350 was observed in Q2 and Q3 of 2023, with a major impact on millions of computers worldwide. The ransomware group, along with the cybercriminal organization FIN7, used DEV-0950 tools to exploit this critical server vulnerability. It was one of several vulnerabilities, found in different products such as Citrix and MOVEit Transfer software, that were exploited during the same period. In response to these threats, updates were made to mitigate the vulnerability on May 5, 2023. However, the operators swiftly shifted their focus to other severe bugs affecting various applications, including IBM's Aspera Faspex file exchange application. Despite the challenges posed by CVE-2023-27350 and similar vulnerabilities, ongoing vigilance and proactive cybersecurity measures remain essential to protect against such exploits.
Description last updated: 2024-05-04T16:04:00.992Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
PaperCut
Vulnerability
Ransomware
Exploit
FBI
Microsoft
CISA
APT
Remote Code ...
Associated Malware
ID | Type | Votes | Profile Description
Clop | Unspecified | 3 | Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole
LockBit | Unspecified | 2 | LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
Associated Threat Actors
ID | Type | Votes | Profile Description
Bl00dy | Unspecified | 4 | Bl00dy is a threat actor known for its malicious activities in the cyber world. The group, along with another threat actor called Black Basta, have recently been identified as exploiting bugs in ConnectWise ScreenConnect, a popular remote management tool. This exploitation has led to a significant i
Lace Tempest | Unspecified | 2 | Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thi
FIN11 | Unspecified | 2 | FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste
Mango Sandstorm | Unspecified | 2 | Mango Sandstorm, also known as MuddyWater or Mercury, is a threat actor group linked to Iran's Ministry of Intelligence and Security (MOIS) by the Israeli government. The group has been identified as being involved in several cyber-attacks, utilizing various tactics to gain initial access to targete
Mint Sandstorm | Unspecified | 2 | Mint Sandstorm, an Advanced Persistent Threat (APT) group linked to Iran's Islamic Revolutionary Guard Corps (IRGC), has been identified as a significant cyber threat actor. This group is known for its highly skilled operators and sophisticated social engineering techniques, often lacking the typica
Phosphorus | Unspecified | 2 | Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the
MERCURY | Unspecified | 2 | Mercury, also known as MuddyWater and Static Kitten, is a threat actor group linked to global espionage activities, with suspected ties to the Iranian Ministry of Intelligence and Security. This group has been noted for its malicious activities, compromising multiple victims that another group, POLO
TA505 | Unspecified | 2 | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-27351 | Unspecified | 3 | None
Source Document References
Information about the CVE-2023-27350 vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Trend Micro | 6 months ago | Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
CERT-EU | 8 months ago | Less than 1% vulnerabilities pose highest risk in 2023, finds Qualys
CERT-EU | 8 months ago | Clop ransomware gang takes out dubious top spot as most prolific operator of 2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
InfoSecurity-magazine | 9 months ago | 2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List
CERT-EU | 10 months ago | Vulnerability Exploitation: 3 Trends from Our Biannual Review - ReliaQuest
CERT-EU | 10 months ago | Vulnerability Exploitation : 3 Trends from Our Biannual Review – Global Security Mag Online
CERT-EU | 10 months ago | 12 Best Vulnerability Management Systems & Tools 2023
CERT-EU | a year ago | Qualys Survey of Top 10 Exploited Vulnerabilities in 2023 | Qualys Security Blog
CERT-EU | a year ago | LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
CERT-EU | a year ago | Heimdal®’s Semiannual Rundown of the Most Exploited Vulnerabilities of 2023
CERT-EU | a year ago | IT threat evolution in Q2 2023. Non-mobile statistics – GIXtools
CERT-EU | a year ago | PC malware statistics, Q2 2022
DARKReading | a year ago | Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits
CERT-EU | a year ago | CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability
CERT-EU | a year ago | New PaperCut Vulnerability Allows Remote Code Execution
Securityaffairs | a year ago | PaperCut flaw in print management sw exposes servers to RCE
CERT-EU | a year ago | CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability
Fortinet | a year ago | Meet LockBit: The Most Prevalent Ransomware in 2022 | FortiGuard Labs
Fortinet | a year ago | Ransomware Roundup - Cl0p | FortiGuard Labs
CERT-EU | a year ago | What’s New in InsightVM and Nexpose: Q2 2023 in Review | Rapid7 Blog