On Thursday 10 September 2024, details of a critical chained vulnerability were disclosed by a security researcher. Attackers can use these vulnerabilities to achieve remote code execution, potentially leading to complete control of vulnerable systems. This article summarises our investigation into whether we are vulnerable and the actions we have taken to remediate the issue.
We checked our firewalls to confirm that incoming traffic from the Internet to ports 631/tcp and 631/udp is blocked. We are scanning our infrastructure to identify any vulnerable applications and services. If any are identified, we will either update them to patched versions or remove the software if it is not needed. We continue to monitor the situation and follow recommendations from the authorities and our vendors.
We do not believe that any of our systems are affected by this vulnerability. We are taking additional steps as recommended by our vendors to further secure Papirfly systems.