CUPS 'cups-browsed' Vulnerability Allows Remote Execution of Arbitrary Commands
Key Information
- Vendor
- Openprinting
- Status
- Cups-browsed
- Vendor
- CVE Published:
- 26 September 2024
Badges
Summary
CVE-2024-47176 is a vulnerability in the CUPS printing system's cups-browsed component that allows remote execution of arbitrary commands. It affects Linux and Unix systems and can be exploited by attackers to execute commands on the target machine without authentication. The vulnerability can be combined with other related vulnerabilities to achieve this, and it has the potential to impact a large number of devices. There are currently no known exploitations in the wild by ransomware groups, but proof-of-concept exploits are public. The vendor, OpenPrinting, has published fixes and workarounds for the vulnerability, and affected systems are advised to apply these as soon as possible to mitigate the risk.
Affected Version(s)
cups-browsed = = 2.0.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CVSS V3.1
Timeline
Vulnerability started trending.
First article discovered by Help Net Security
- ๐พ
Exploit exists.
Vulnerability published.
Vulnerability Reserved.