AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Papercut ng to mf upgrade9/5/2023 ![]() ![]() We recommend that you upgrade all Application Servers and Site Servers (see Upgrade documentation). You will not need to patch Secondary Servers (Print Providers / Direct Print Monitors) - but you can if you prefer. We recommend that you upgrade all Application Servers and Site Servers (see Upgrade documentation) PaperCut MF/NG Direct Print Monitors (Print Providers). ![]() PaperCut MF/NG secondary servers (Print Providers). Which PaperCut components or products are NOT impacted? Which PaperCut MF or NG components are impacted? PaperCut MF or NG version 15.0 or later, on all OS platforms PaperCut MF or NG version 8.0 or later, on all OS platforms Which PaperCut products are impacted, and what are the actions required? This vulnerability has been rated with a CVSS score of 8.2. We do not have any evidence of this vulnerability being used against customers at this point. ![]() This could be done remotely and without the need to log in. The attacker can also retrieve the hashed passwords for internal PaperCut-created users only (note that this does not include any password hashes for users sync’d from directory sources such as Microsoft 365 / Google Workspace / Active Directory and others). We have confirmed that under certain circumstances this allows for an unauthenticated attacker to potentially pull information about a user stored within PaperCut MF or NG - including usernames, full names, email addresses, office/department info and any card numbers associated with the user. This vulnerability has been rated with a CVSS score of 9.8. We have confirmed that under certain circumstances this allows for an unauthenticated attacker to get Remote Code Execution (RCE) on a PaperCut Application Server. We highly recommend upgrading to one of these versions containing the fix (see the Where can I get the upgrade? question below). Important: Both of these vulnerabilities have been fixed in PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11 and 22.0.9 and later. We have also updated the FAQ “How do I know if my server has been exploited?” question below. If you suspect that your server has been compromised, we recommend taking server backups, then wiping the Application Server, and rebuilding the Application Server and restoring the database from a ‘safe’ backup point prior to when you discovered any suspicious behavior. Our immediate advice is to upgrade your PaperCut Application Servers to one of the fixed versions listed below if you haven’t already. We have documented what we can disclose below.Ĭritical: Please note that as of 18th April, 2023 we have evidence to suggest that unpatched servers are being exploited in the wild, (particularly ZDI-CAN-18987 / PO-1216). We have evidence to suggest that unpatched servers are being exploited in the wild.Īs a precaution, we are not able to reveal too much about these vulnerabilities. 19.2.We have received two vulnerability reports from a 3rd party cyber security company (Trend Micro), for high/critical severity security issues in PaperCut MF/NG.20.1.4 - Windows, macOS, Linux ( Release notes).Questions or require additional information, please email for past versions which include the security fix for PO-480? License upgrades can be purchased via our online order system. (your existing license will work with PaperCut NG 22.0.12) You purchased PaperCut NG less than 3 months before the major upgrade was released You will need to purchase a license upgrade, in line with our long established upgrade policy, except in the following circumstances (where the upgrade is free): Upgrading from PaperCut NG (version 6 through to 21) to version 22.0.12 is a 'major' version upgrade. Information for PaperCut NG users (versions 6 through to 21) Please see the screenshot below for an example of a license with current Maintenance & Support. 16.0 was released on March 15, 2016), you can install the new version. If the date is after the x.0 release (eg. In the License Information section you will find a 'Software updates available until' date. You can check your Maintenance & Support status in the PaperCut web administration interface, under the About tab. It's always a good time to consider upgrading PaperCut.Įxisting PaperCut NG users may upgrade with an install-over-the-top procedure. break, end of term, etc.) or are undertaking server maintenance You have a period of low network activity (e.g. You have a use for any of the new features. You may continue to use your existing PaperCut installation.
0 Comments
Read More
Leave a Reply. |