![]() ![]() On April 18, 2023, a PaperCut customer reported suspicious activity, which suggested that unpatched servers are being exploited through CVE-2023-27350. It can be abused by an unauthenticated attacker to perform RCE on an unpatched PaperCut Application Server. The critical-rated CVE-2023-27350 has a vulnerability severity score of 9.8. This vulnerability is also identified as ZDI-23-233. This blog entry provides an overview of the vulnerabilities and includes information that IT and SOC professionals need to know.ĬVE-2023-27350, which affects PaperCut MF and NG products, was found to have been exploited in the wild (ITW) in the middle of April. Evidence was found that one of these two vulnerabilities, CVE-2023-27350, is being actively exploited by malicious actors for remote code execution (RCE). Trend Micro’s Zero Day Initiative (ZDI) discovered two vulnerabilities, CVE-2023-27350 and CVE-2023-27351, in Papercut, a print management software solution that is used by over 100 million users globally. We also added Trend Micro Deep Discovery Inspector rules which can help protect against potential exploitation of the vulnerabilities discussed. ![]() EDT where we added details on an observed instance through Trend Micro Managed XDR where we believe the vulnerabilities detailed in this blog were abused by threat actors. EDT: We updated the entry to include information on the discovery of LockBit as the malicious payload and add Trend Micro Cloud One™ solutions. Print jobs are accepted by LPD into the Windows printing system.Updated on Ap10:40 p.m. For CUPS the queue name cannot contain spaces.Ĭreate the CUPS queue by entering in the rest of the required information, such as Name, Description, Location etc.Ĭhoose the driver then click Add Printer. Queue Name - either the share name or print queue name on the print server. Scroll to Other Network Printers then select LPD/LPR Host or Printer.Įnter in the Connection string using the example format on the page. This example assumes you are using the CUPS web based Admin web interface. Select the driver or printer model from the list then click Add.Īn example using the CUPS Admin web interface In Name, define a user friendly name then select the printer type. In Queue, enter the printer’s share name. In Address, enter the IP address of the server hosting the printers. An example using Mac OS X System Preferencesįrom the Protocol list, select Line Printer Daemon - LPD. CUPS) do not allow spaces in queue names, so a share or queue name that does not include spaces improves the likelihood of connection. If this queue services a single account, enable the Override user-level settings at a given queue and charge all jobs to a given shared account. See Handling unauthenticated (non-domain) laptops If the username is not consistent with the Windows username you want to associate with the job, consider additional PaperCut features like: the Unix, Linux, or Mac username associated with the print job. The print jobs are sent with the username from the client system e.g. It’s important at this point to consider how the print jobs are being tracked. The installation wizard also checks for previous versions of the Windows LPD Server, and disables these to ensure there is no port conflict. LPD Servers listen on port 515 by default, so Administrators must ensure that this port is open to requests from clients (check that the port is not blocked by your firewall). PRODUCTS FEATURED Using the PaperCut NG/MF LPD service Install the PaperCut NG/MF LPD serviceĪfter installing the Microsoft Windows version of PaperCut’s Primary, Secondary, or Site Server software, the PaperCut LPD Service Setup Wizard style installer is available under \providers\lpd\win\pc-lpd-installer.exe ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |