PaperCut remediates another critical security flaw

Target Industry

Indiscriminate, opportunistic targeting.

Overview

PaperCut has disclosed that it has remediated a critical remote code execution (RCE) vulnerability in its NG/MF print management software. The flaw, tracked as CVE-2023-39143, results from two path traversal weaknesses that allow threat actors to access data on vulnerable systems in low-complexity attacks.

Impact

Successful exploitation of CVE-2023-39143 allows threat actors to upload, read, or delete arbitrary files on vulnerable systems. This would result in RCE when external device integration is enabled, thus leading to the compromise of the integrity of data.

Vulnerability Detection

PaperCut has released a patch for CVE-2023-39143 for the affected product versions. Versions released before the patch remain vulnerable to potential exploitation.

Affected Products

PaperCut NG and PaperCut MF before 22.1.3.

Containment, Mitigations & Remediations

It is strongly recommended that administrators apply the latest PaperCut update (version 22.1.3) as soon as possible. If updating immediately is not possible, administrators can apply a mitigation strategy by configuring an allowlist of device IP addresses by following the protocol outlined in the PaperCut advisory.

CVE-2023-39143 only impacts PaperCut servers that run in a Windows environment with the external device integration setting switched on. This setting is activated on the majority of PaperCut servers. Security researchers have released a command that can be executed to determine whether or not a server is vulnerable.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

PaperCut creates print management software compatible with all major platforms. It is used by state organisations and education institutes. The software developer also provides services for hundreds of millions of customers in over 100 countries, and it occupies a significant proportion of the print management market. Given that threat actors generally use a combination of probability and asset value to determine which attack surfaces to focus on, PaperCut products could emerge as a consistent target. Because PaperCut products have become an integral part of business operations, threat actors will continue to exploit vulnerabilities in them in an attempt to extract the sensitive data they hold.

The disclosure of CVE-2023-39143 comes just months after numerous ransomware operators targeted vulnerable PaperCut servers, in attacks involving an RCE vulnerability (CVE-2023-27350) and an information disclosure vulnerability (CVE-2023-27351). Please refer to the related Quorum Cyber Threat Intelligence bulletin for further details.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies

Discovery Technique:

T1083 - File and Directory Discovery

Further Information

PaperCut Advisory

An Intelligence Terminology Yardstick to showing the likelihood of events