Information Security Office would like to inform you of a critical vulnerability (CVE-2023–27350) discovered and actively exploited in PaperCut NG/MF products. PaperCut NG/MF is a comprehensive print management system. Successful exploitation of this vulnerability could allow for unauthenticated, remote attackers to execute arbitrary code on the server in the context of the System user. Please visit https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 for additional details on affected versions.
We strongly urge all campus operators to immediately patch the servers on critical infrastructure and systems that are publicly facing the Internet.