Common Unix Printing System (CUPS) - Critical Vulnerability

01 Oct / 2024



What Is Vulnerable

The open-source printing system “Common Unix Printing System (CUPS)”, used on Linux and Unix operating systems, is vulnerable. CUPS is used to manage, discover and share printers on the network.
Vulnerable operating systems can be seen here.

Affected versions: 

• cups-browsed & cups-filters <= 2.0.1 

• libcupsfilters & libppd <= 2.1b1 


What is Happening

A security researcher, Simone Margaritelli, has disclosed four vulnerabilities relating to the open-source printing system used in Linux & Unix operating systems.
The vulnerabilities found in CUPS can be exploited sequentially, providing the threat actor with remote code execution (RCE):

• CVE-2024-47076 - CVSS: 8.6

• CVE-2024-47175 - CVSS: 8.6

• CVE-2024-47176 - CVSS: 8.4

• CVE-2024-47177 - CVSS: 9.1


Key Facts 

• All four vulnerabilities must be exploited sequentially to achieve RCE.
• UDP port 631 must be open, with the “cups-browsed” service listening on it.
• User interaction is required. An end user must start a print job on the malicious printer (which is set up during exploitation).


What you can do 

• Apply patches if they have been released for your operating system.
• Block UDP port 631.
• Disable the “cups-browsed” service.
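
The following read-only check is an added example, not code from Cythera or the CUPS project. It combines the conditions listed under Key Facts (affected version, “cups-browsed” running, UDP port 631 reachable beyond loopback) into one verdict per host. It assumes a systemd host where the package is named `cups-browsed`; the function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example, not vendor code: read-only exposure check for cups-browsed.

# Exit 0 when upstream version $1 <= $2. An epoch ("1:") and a distro suffix
# ("-0ubuntu10") are stripped before a field-by-field numeric comparison.
version_le() {
    _v=${1#*:}
    awk -v a="${_v%%[-+~]*}" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# stdin: `ss -H -uln` output. Prints UDP 631 binds that are not loopback-only.
exposed_udp631() {
    awk '{ addr = ($1 ~ /^udp/) ? $5 : $4 }   # Netid column is optional
         addr ~ /:631$/ && addr !~ /^127\./ && addr !~ /^\[::1\]/ { print addr }'
}

# $1 = installed version ("" if absent), $2 = systemctl state, $3 = exposed binds
assess() {
    if [ -z "$1" ]; then echo "not-installed"
    elif ! version_le "$1" "2.0.1"; then echo "outside-affected-range"
    elif [ "$2" != "active" ]; then echo "affected-but-disabled"
    elif [ -z "$3" ]; then echo "affected-not-exposed"
    else echo "affected-and-exposed"
    fi
}

# Collect the three facts from the running host (Debian- or RPM-based).
audit_host() {
    ver=$(dpkg-query -W -f='${Version}' cups-browsed 2>/dev/null ||
          rpm -q --qf '%{VERSION}' cups-browsed 2>/dev/null) || ver=""
    state=$(systemctl is-active cups-browsed 2>/dev/null) || true
    exposed=$(ss -H -uln 2>/dev/null | exposed_udp631)
    echo "version='$ver' state='$state' udp631='$exposed'"
    assess "$ver" "$state" "$exposed"
}

# Constructed sample of `ss -H -uln` output, used when run without --live.
SAMPLE='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*'
if [ "${1:-}" = "--live" ]; then audit_host
else assess "2.0.0" "active" "$(printf '%s\n' "$SAMPLE" | exposed_udp631)"; fi
```

On a host reported as `affected-and-exposed`, `systemctl disable --now cups-browsed` stops and disables the service. Distribution packages can carry backported fixes under an unchanged upstream version, so confirm the version result against the vendor advisory.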

Assessing for possible impact

Cythera is actively monitoring for exploitation and post-exploitation activity for managed detection and response clients.


If you have any questions or concerns about this or any other cybersecurity issue, please contact us.
