Your office printer could be hacking into the company network

(Image credit: Future)

Your office printer could be hacking into the company network, thanks to vulnerable print management software, security experts have warned.

Print management software company PaperCut published a security advisory in which it says there is evidence of threat actors actively exploiting two flaws to access vulnerable server endpoints. 

The company was tipped off by cybersecurity experts Trend Micro in early January 2023, who drew their attention to ZDI-CAN-18987, and ZDI-CAN-19226. The former is an unauthenticated remote code execution flaw found in PaperCut MF or NG, versions 8.0 and newer, holding a 9.8 severity score (critical), while the latter is an unauthenticated information disclosure flaw in PaperCut MF or NG, versions 15.0 and newer, holding an 8.2 severity score (high). 

More details in May

"As of 18th April, 2023 we have evidence to suggest that unpatched servers are being exploited in the wild, (particularly ZDI-CAN-18987 / PO-1216)," the company said in the advisory. "As a precaution, we are not able to reveal too much about these vulnerabilities.” More details should be revealed on May 10, the company said, giving companies enough time to secure their networks. 

There are patches and workarounds for the flaws, though, so users are advised to address the problem immediately and minimize any potential risk.

System admins should make sure their software is patched to versions 20.1.7, 21.2.11 (MF), and 22.0.9 (NG). 

The second flaw can also be mitigated by applying “Allow list” restrictions found in Options > Advanced > Security > Allowed site server IP addresses, and only allowing verified Site Server IP addresses to access the network.

Those interested in double-checking whether or not your systems were compromised are out of luck, as PaperCut says it’s impossible to determine, with absolute certainty, if a threat actor breached the network. The devs suggested IT teams look for suspicious activity in the PaperCut admin interface under Logs > Application Log, including updates from a user called [setup wizard]. They can also look for new users being created, or configuration keys changed. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.