CUPS Vulnerability Allows Remote Command Execution
CVE-2024-47177
Key Information:
- Vendor: OpenPrinting
- CVE Published: 26 September 2024
What is CVE-2024-47177?
The CUPS printing system by OpenPrinting has a vulnerability in which any value passed to FoomaticRIPCommandLine via a PPD file is executed as a user-controlled command. Combined with specific logic issues, as highlighted in related vulnerabilities, this flaw can lead to remote command execution. The risk stems primarily from the handling of input values that may not be adequately sanitized, which lets attackers inject malicious commands through printing configurations.
Affected Version(s)
cups-filters <= 2.0.1
News Articles
Unix CUPS Unauthenticated RCE Zero-Day Vulnerabilities: All you need to know - KBI.Media
On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he has discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure will happen on September 30th, Due to a suspected leak in ...
Unix CUPS Unauthenticated RCE Zero-Day Vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177): All you need to know
EPSS Score
84% chance of being exploited in the next 30 days.
Timeline
- Exploit known to exist
- First article discovered by JFrog
- Vulnerability published
- Vulnerability reserved