CUPS 'cups-browsed' Vulnerability Allows Remote Execution of Arbitrary Commands

CVE-2024-47176
8.4 HIGH

Key Information

Vendor
Openprinting
Status
Cups-browsed
Vendor
CVE Published:
26 September 2024

Badges

Trended, Exploit Exists, Public PoC, News Worthy

Summary

CVE-2024-47176 is a vulnerability in the CUPS printing system's cups-browsed component that allows remote execution of arbitrary commands. It affects Linux and Unix systems and can be exploited by attackers to execute commands on the target machine without authentication. The vulnerability can be combined with other related vulnerabilities to achieve this, and it has the potential to impact a large number of devices. There are currently no known exploitations in the wild by ransomware groups, but proof-of-concept exploits are public. The vendor, OpenPrinting, has published fixes and workarounds for the vulnerability, and affected systems are advised to apply these as soon as possible to mitigate the risk.

Affected Version(s)

cups-browsed = = 2.0.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability started trending.

  • First article discovered by Help Net Security

  • Exploit exists.

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database, 6 Proof of Concept(s), 1 News Article(s)