CUPS 'cups-browsed' Vulnerability Allows Remote Execution of Arbitrary Commands
CVE-2024-47176
Key Information
- Vendor
- Openprinting
- Status
- Cups-browsed
- Vendor
- CVE Published:
- 26 September 2024
Badges
What is CVE-2024-47176?
CVE-2024-47176 is a vulnerability identified in the CUPS (Common UNIX Printing System) software, specifically within the cups-browsed
component. CUPS is an open-source printing system that facilitates printing services on UNIX-like operating systems. This vulnerability allows for the remote execution of arbitrary commands without authentication, which can severely compromise the security of an organizationās network. An attacker could exploit this flaw by sending malformed printer requests, potentially leading to unauthorized access and control of sensitive systems, data breaches, and operational disruptions.
Technical Details
The vulnerability arises from cups-browsed
improperly trusting incoming network packets due to its configuration of binding to INADDR_ANY:631
, which essentially allows any source to communicate with it. This leads to the handling of Get-Printer-Attributes
IPP requests directed toward malicious URLs. When paired with other identified vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can leverage this weakness to execute commands remotely on the affected machine. This exploits a combination of flaws in the protocol implementation and network service bindings, which underscores the critical nature of the issue.
Impact of the Vulnerability
-
Remote Code Execution: The primary impact of CVE-2024-47176 is the potential for remote code execution, allowing attackers to run arbitrary commands on the target system without needing authentication.
-
Data Breaches: Exploiting this vulnerability can lead to unauthorized access to sensitive information, resulting in potential data breaches that could expose personal data or proprietary information.
-
Operational Disruption: Successful exploitation may lead to operational disruptions as attackers could manipulate system processes, install malware, or engage in further malicious activities that impair normal functionality.
Affected Version(s)
cups-browsed = = 2.0.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Unix CUPS Unauthenticated RCE Zero-Day Vulnerabilities: All you need to know - KBI.Media
On September 23rd, Twitter userĀ Simone Margaritelli (@evilsocket) announcedĀ that he has discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure will happen on September 30th, Due to a suspected leak in ...
1 month ago
Unix CUPS Unauthenticated RCE Zero-Day Vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177): All you need to know
On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he has discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure will happen on September 30th, Due to a suspected leak in ...
2 months ago
New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176.
2 months ago
Refferences
CVSS V3.1
Timeline
- š“
Public PoC available
Vulnerability started trending
First article discovered by Help Net Security
- š¾
Exploit known to exist
Vulnerability published
Vulnerability Reserved