“Critical Remote Code Execution (RCE) Vulnerability (CVE-2023-39143) in PaperCut Application Servers”

PaperCut NG and PaperCut MF are widely adopted software solutions for managing print services on servers.

CVE-2023-39143 is a path traversal vulnerability in PaperCut NG and PaperCut MF versions before v22.1.3, potentially allowing unauthorized access to read, delete, and upload arbitrary files on a vulnerable server.

CVE-2023-39143 in PaperCut Application Servers

According to Horizon3’s advisory, CVE-2023-39143 allows unauthenticated attackers to potentially execute remote code by reading, deleting, and uploading arbitrary files to the PaperCut MF/NG application server.

The vulnerability mainly affects PaperCut servers on Windows, particularly when the external device integration setting is enabled. This setting is turned on by default in certain installations, including the PaperCut NG Commercial version or PaperCut MF.

Horizon3 researchers estimate that most of the PaperCut installations are running on Windows with the external device integration setting turned on.

The issue was addressed with the release of PaperCut NG/MF patch version 22.1.3.

Timeline for CVE-2023-39143:

• May 30, 2023: Initial disclosure sent by Horizon3 to the PaperCut team.
• May 31, 2023: PaperCut acknowledges receipt of the disclosure.
• June 5, 2023: Horizon3 updates the disclosure to include the impact of remote code execution.
• June 8, 2023: PaperCut confirms validation of the findings in the disclosure.
• June/July 2023: Horizon3 and PaperCut collaborate to test interim builds and coordinate disclosure efforts.
• July 24, 2023: Horizon3 reserves CVE-2023-39143 with MITRE.
• July 25, 2023: PaperCut releases patch version 22.1.3.
• Aug. 4, 2023: This advisory.

To mitigate vulnerabilities like CVE-2023-39143, you can take the following steps:

1. Update Software: Ensure that you are running the latest version of PaperCut NG and PaperCut MF (v22.1.3 or newer). Software updates often include security patches that address known vulnerabilities.
2. Patch Management: Implement a robust patch management process to regularly monitor for updates and promptly apply security patches as soon as they are released.
3. Disable Unnecessary Features: Disable any unnecessary features, especially external device integration if it is not required for your setup. This minimizes the attack surface and potential points of exploitation.
4. Firewall Configuration: Configure firewalls and network settings to limit access to the PaperCut application server from only trusted sources. This can help prevent unauthorized access from external entities.
5. Access Control: Implement strong access controls and authentication mechanisms to restrict access to the application server and sensitive files. Only authorized users should have permissions to read, write, or delete files.
6. File Upload Validation: Implement rigorous validation of file uploads to ensure that only allowed file types and formats are accepted, preventing arbitrary file uploads.
7. Web Application Firewall (WAF): Consider using a WAF to monitor and filter HTTP requests, which can help detect and block malicious attempts to exploit path traversal vulnerabilities.