On April 21, 2023, we received reports indicating a vulnerability was discovered with the Papercut NG software which exposed unpatched environments. For more information, see PaperCut NG Vulnerability.
Environments
- Windows
Cause
The specific flaw exists within the PaperCut NG software. The issue results from improper access control that allows remote attackers to bypass authentication on installations of PaperCut.
Resolution
PaperCut has issued an update to fix this vulnerability. For more information, see PaperCut MF/NG Vulnerability.
Resolution 1
Use Vulnerability and Patch Management to update the PaperCut software if you have the module.
Resolution 2
Update PaperCut software manually on your endpoints.
Resolution 3
Configure the Anti-exploit policy settings to shield endpoints from this vulnerability.
- Sign in to Nebula or OneView.
- On the left navigation menu, click Configure.
- Click Policies.
- Select a policy assigned to endpoints installed with PaperCut software.
- Select the Protection Settings tab.
- Under Exploit protection, click Advanced settings.
- Click Manage protected applications > Add.
- Enter or select the following information:
- App Name: Papercut
- App File: pc-app.exe
- Program Type: MS Office
- Click Save > Close.
- Click Save.