CUPS Vulnerability Allows Remote Command Execution
CVE-2024-47177
Key Information
- Vendor: Openprinting
- Status
- Cups-filters
- Vendor
- CVE Published: 26 September 2024
Summary
CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to FoomaticRIPCommandLine via a PPD file will be executed as a user-controlled command. When combined with other logic bugs as described in CVE-2024-47176, this can lead to remote command execution.
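As a triage aid for the behaviour described above, the following added example (not code from the advisory or from the cups-filters project) inventories every FoomaticRIPCommandLine value in a PPD and marks those whose first program is not on a site allowlist. The allowlist contents, the function names and the two sample PPD fragments are assumptions constructed for illustration; because the directive holds a shell command line by design, a value that passes the allowlist still needs a human read.

```python
import re

# The directive named in the advisory. A PPD quoted value may span several
# lines and ends at the closing double quote.
DIRECTIVE = re.compile(r'^\*FoomaticRIPCommandLine:\s*"(.*?)"', re.S | re.M)

# Assumption: the only programs this site expects foomatic-rip to start.
EXPECTED_BINARIES = {"gs"}


def extract_command_lines(ppd_text):
    """Return each FoomaticRIPCommandLine value as a single-line string."""
    values = []
    for match in DIRECTIVE.finditer(ppd_text):
        # Foomatic PPDs split long values with '&&' at the end of a line.
        joined = re.sub(r"&&\r?\n", "", match.group(1))
        values.append(" ".join(joined.split()))
    return values


def audit_ppd(name, ppd_text):
    """List every command line in one PPD and mark those needing review."""
    findings = []
    for command in extract_command_lines(ppd_text):
        first = command.split()[0] if command.split() else ""
        binary = first.rsplit("/", 1)[-1]  # compare on the program's base name
        findings.append({
            "ppd": name,
            "command": command,
            "review": binary not in EXPECTED_BINARIES,
        })
    return findings


# Constructed sample PPD fragments (not taken from a real printer or exploit).
SAMPLE_KNOWN = '''*PPD-Adobe: "4.3"
*FoomaticRIPCommandLine: "gs -q -dBATCH -dNOPAUSE -sDEVICE=pxlm&&
ono -sOutputFile=- -"
*End
'''
SAMPLE_UNEXPECTED = '''*PPD-Adobe: "4.3"
*FoomaticRIPCommandLine: "/opt/example/unknown-helper --arg"
*End
'''

if __name__ == "__main__":
    for name, text in (("known.ppd", SAMPLE_KNOWN), ("new.ppd", SAMPLE_UNEXPECTED)):
        for finding in audit_ppd(name, text):
            print(finding)
```

On a real host the input would be the PPD files CUPS has stored for its queues (typically under /etc/cups/ppd), with particular attention to queues nobody remembers creating.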
Affected Version(s)
cups-filters <= 2.0.1
News Articles
Unix CUPS Unauthenticated RCE Zero-Day Vulnerabilities: All you need to know - KBI.Media
On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he has discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure will happen on September 30th, Due to a suspected leak in ...
1 month ago
Unix CUPS Unauthenticated RCE Zero-Day Vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177): All you need to know
On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he has discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure will happen on September 30th, Due to a suspected leak in ...
2 months ago
References
CVSS V3.1
Timeline
Exploit known to exist
First article discovered by JFrog
Vulnerability published
Vulnerability Reserved