PaperCut Mobility Print versions prior to, on all OS platforms (excluding fixed versions named below). This CVE only impacts PaperCut Mobility Print. Note: FluidAttacks are looking to publicly disclose additional information in the upcoming weeks. Create a Web Print printer map or custom printer list (optional) Advanced Web Print configuration (optional) Submit a Web Print job. This vulnerability has been rated with a CVSS score of 4.8: (CVSSv3 Vector: A web-based printing service that allows quick printing on campus from your own laptop to any public computer lab. This issue could allow a malicious actor to craft a link that is sent to an authenticated administrator that could lead to changing Mobility Print settings. We want to thank the security researchers at FluidAttacks, in particular Carlos Bello.

Customers who have disabled Mobility Print auto-updates are encouraged to review their Mobility Print version. Mobility Print is auto-updating, and a fix for this has already been deployed to customers who have auto-updates enabled. Security Issues Addressed: Address potential CSRF attack in Mobility Print (CVE-2023-2508).

For organisations running Linux and macOS servers, if the inbuilt GhostScript is utilised, we recommend making sure the OS system updates are being applied. In line with best practice, we will be updating GhostTrap in the near future; however, NO urgent action is required. All of PaperCut's products and setup documentation for Windows platforms use GhostTrap, and we can confirm that we have reviewed recent exploits and checked that the sandboxing measures of GhostTrap offer the protection as expected. GhostTrap brings best-of-breed sandboxing technology out of Google Chrome to protect against issues that may exist with the GhostScript code. With our security-focused mindset this worried us, so we started a new open-source project called Why?

Back in 2012 the PaperCut engineering team discovered a number of bugs in GhostScript that could potentially lead to vulnerabilities, and these were reported to the GhostScript team at the time. In addition to the summary status URLs for Web Print servers, PaperCut NG/MF provides URLs to monitor the number of Web Print servers supporting a specific. If you're using GhostTrap, then you have significant protection against GhostScript exploits. There have recently been some GhostScript vulnerabilities in the news.

Executive Summary / tl;dr: Clarification of GhostScript vulnerabilities in the news, and a potential CSRF issue has been found in Mobility Print (fixed via auto-update). In this bulletin we cover the security improvements addressed in PaperCut Mobility Print. For other security vulnerability and security bulletin information, see our Security vulnerability information and common security questions page.