2 Minute Read
On September 26, 2024, security researcher Simone Margaritellidisclosed the details of four OpenPrinting Common UNIX Printing System (CUPS) vulnerabilities, that, when chained together, can allow malicious actors to launch remote code execution (RCE) attacks on vulnerable systems. CUPS is a widely used, open-source printing system that supports Linux and other Unix-like operating systems. It also supports ChromeOS and macOS. As of writing, one of the four CUPS zero-day vulnerabilities received a critical severity score, while the rest have high severity ratings. Details of the vulnerabilities are as follows: Red Hat details the attack chain of how malicious actors can exploit these vulnerabilities in its blog post. Regarding these vulnerabilities’ CVSS scores, it should be noted that initially, Margaritelli tweeted that “Canonical, RedHat and others have confirmed the severity, a 9.9,” for at least one of the CUPS flaws and shared a supporting screenshot from a Red Hat engineer who estimated the score. However, as of publishing, the highest CVSS rating is at 9.0. On September 27, 2024, Red Hat published a security bulletin regarding these CUPS vulnerabilities where they shared that “these issues are rated with a severity impact of Important, and in their default configuration are not vulnerable.” It is important to note that while most Linux systems come with CUPS, it is atypical for systems to have the `cups-browsed` service enabled, as it is, by default, disabled. The `cups-browsed` daemon must be manually enabled to expose a targeted system’s UDP ports on a network. Additionally, a malicious actor looking to exploit this vulnerability must also find a way to trick users into triggering a print job from a malicious printer server on their local network. Although patches for these bugs are still unavailable as of writing, Margaritelli recommends the following security best practices: Trustwave will continue to monitor this developing situation, and we remain on standby for our clients to provide further details as more information becomes available.An Overview of CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-4717
Affected Version: 2.0.1 and below
Affected Version: 2.1b1 and below
Affected Version: 2.1b1 and below
Affected Version: 2.0.1 and belowProtecting Your Systems From CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-4717
Sign up to receive the latest security news and trends straight to your inbox from Trustwave.Stay Informed