01 Oct / 2024
Industry News
Common Unix Printing System (CUPS) - Critical Vulnerability
What Is Vulnerable
The open-source Common Unix Printing System (CUPS), found in Linux and Unix operating systems, is vulnerable. CUPS is used to manage, discover and share printers on the network.
Vulnerable operating systems can be seen here.
Affected versions:
• cups-browsed & cups-filters <= 2.0.1
• libcupsfilters & libppd <= 2.1b1
What is Happening
A security researcher, Simone Margaritelli, has disclosed four vulnerabilities relating to the open-source printing system used in Linux & Unix operating systems.
The vulnerabilities found in CUPS can be exploited sequentially, providing the threat actor with remote code execution (RCE):
• CVE-2024-47076 - CVSS: 8.6
• CVE-2024-47175 - CVSS: 8.6
• CVE-2024-47176 - CVSS: 8.4
• CVE-2024-47177 - CVSS: 9.1
Key Facts
• All four exploits must be executed sequentially to achieve RCE.
• UDP port 631 must be open, with the “cups-browsed” service listening on it.
• User interaction is required. An end user must start a print job on a malicious printer (which was achieved during exploitation).
What you can do
• Apply patches if they have been released for your operating system.
• Block UDP port 631.
• Disable the “cups-browsed” service.
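A host-side check for the two conditions under Key Facts (the cups-browsed service active, and a socket bound to UDP port 631). This is an added example, not Cythera's code; it assumes a systemd host with iproute2's `ss`, and the function names and sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): checks the two host-side conditions
# listed under "Key Facts". Function names are illustrative.

# Constructed sample of `ss -lunp` output, not captured from a real host.
SAMPLE_SS='UNCONN 0 0 0.0.0.0:631 0.0.0.0:* users:(("cups-browsed",pid=812,fd=7))
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=640,fd=12))
UNCONN 0 0 127.0.0.1:6310 0.0.0.0:* users:(("example",pid=900,fd=3))'

# Read `ss -lunp` output on stdin; print sockets whose LOCAL port is 631.
udp631_listeners() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /:([0-9]+|\*)$/) {   # first addr:port field is the local one
                if ($i ~ /:631$/) print
                break
            }
    }'
}

# stdin: ss output; $1: unit state as printed by `systemctl is-active`.
# AT_RISK = both conditions hold; REVIEW = only one holds; OK = neither.
# A network firewall may still block the port; this only inspects the host.
assess_cups_browsed() {
    listeners=$(udp631_listeners)
    if [ -n "$listeners" ] && [ "$1" = "active" ]; then
        echo "AT_RISK"
    elif [ -n "$listeners" ] || [ "$1" = "active" ]; then
        echo "REVIEW"
    else
        echo "OK"
    fi
}

# Live check; assumes systemd and iproute2 (run as root to see process names).
live_check() {
    state=$(systemctl is-active cups-browsed 2>/dev/null || true)
    ss -lunp 2>/dev/null | assess_cups_browsed "${state:-inactive}"
}

if [ "${1:-}" = "--live" ]; then
    live_check
else
    printf '%s\n' "$SAMPLE_SS" | assess_cups_browsed active   # prints AT_RISK
fi
```

Run it with `--live` on a host to assess that host; without arguments it evaluates the constructed sample.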
Assessing for possible impact
Cythera is actively monitoring for exploitation and post-exploitation activity for managed detection and response clients.
If you have any questions or concerns about this or any other cybersecurity issue, please contact us.