CVE-2023-27351

Vulnerability updated 7 months ago (2024-05-04T17:46:30.118Z)

Download STIX

Preview STIX

Not enough context has been learned about CVE-2023-27351 for a description yet. However we're tracking it as a Vulnerability profile. Vulnerability: A flaw in software design or implementation

Description last updated:

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Papercut

Vulnerability

Microsoft

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Clop Malware is associated with CVE-2023-27351. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin	Unspecified	3
The Lockbit Malware is associated with CVE-2023-27351. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The TA505 Threat Actor is associated with CVE-2023-27351. TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec	Unspecified	2
The Lace Tempest Threat Actor is associated with CVE-2023-27351. Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thi	Unspecified	2
The fin11 Threat Actor is associated with CVE-2023-27351. FIN11, a threat actor group also known as Lace Tempest or TA505, has been linked to the development and deployment of Cl0p ransomware. This malicious software is believed to be a variant of another ransomware, CryptoMix, and is typically used by FIN11 to encrypt files on a victim's network after ste	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2023-27350 Vulnerability is associated with CVE-2023-27351. CVE-2023-27350 represents a significant software vulnerability in PaperCut MF/NG, identified as an improper access control flaw. This weakness allows attackers to bypass authentication processes, providing them with the ability to execute code with system privileges. The vulnerability was first upda	Unspecified	3

Source Document References

Information about the CVE-2023-27351 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	a year ago	Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits
Fortinet	a year ago	Ransomware Roundup - Cl0p \| FortiGuard Labs
CERT-EU	2 years ago	Multiple vulnerabilities in PaperCut MF/NG
Securityaffairs	2 years ago	Experts released PoC for actively exploited PaperCut flaw
CERT-EU	2 years ago	Exploit to hack 100 million users from 70,000 companies using printer software published
CERT-EU	2 years ago	PaperCut says hackers are exploiting ‘critical’ security flaws in unpatched servers \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting
CERT-EU	2 years ago	PaperCut Flaw Exploited to Hijack Servers, Fix Released
Naked Security	2 years ago	PaperCut security vulnerabilities under active attack – vendor urges customers to patch
Malwarebytes	2 years ago	Update your PaperCut application servers now: exploits in the wild
CERT-EU	2 years ago	Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
InfoSecurity-magazine	2 years ago	Microsoft Blames Clop Affiliate for PaperCut Attacks
Securityaffairs	2 years ago	PaperCut exploits used to deliver Cl0p & LockBit ransomware
CERT-EU	2 years ago	Recent PaperCut server attacks linked to Cl0p, Lockbit ransomware
CERT-EU	2 years ago	Attacks on PaperCut servers tied to Clop, LockBit ransomware groups \| #ransomware \| #cybercrime – National Cyber Security Consulting
CERT-EU	2 years ago	Cyber security week in review: April 28, 2023
CERT-EU	2 years ago	The Good, the Bad and the Ugly in Cybersecurity – Week 17 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting
CERT-EU	2 years ago	Ransomware Gangs Actively Exploiting PaperCut Server Vulnerabilities
Malwarebytes	2 years ago	Ransomware review: May 2023
CERT-EU	2 years ago	Ransomware gangs are exploiting 3 vulnerabilities to attack healthcare orgs, feds warn \| #ransomware \| #cybercrime – National Cyber Security Consulting
CERT-EU	2 years ago	CVE-2023-27350: Ongoing Exploitation of PaperCut Vulnerability \| Rapid7 Blog