PaperCut NG/MF Session Hijacking Vulnerability in Konica Minolta Embedded Application

A session hijacking vulnerability has been identified in the PaperCut NG/MF embedded application for Konica Minolta devices. The issue arises from an insecure communication channel between the embedded application and the PaperCut Application Server, which could be exploited to intercept sensitive data or conduct phishing attacks on end users. This vulnerability affects PaperCut NG/MF versions prior to 25.0.10, as well as PaperCut MF versions prior to 25.0.5 (Standard Release) or 25.0.9 (Konica Minolta Certified Release).

Impact

Exploitation of this vulnerability could allow an attacker on the same local network to intercept sensitive data or mount a phishing attack on the end user.

Remediation

Users are advised to upgrade to PaperCut MF 25.0.5 (Standard Release) or 25.0.9 (Konica Minolta Certified Release). After upgrading the Application Server, ensure that the embedded application on Konica Minolta devices is also updated to the latest version.