CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL.
Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-940 | |
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 26 Sep 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 26 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled. | |
Title | cups-browsed bugs and other bugs can combine, leading to info leak and remote code execution | |
Weaknesses | CWE-1327 CWE-20 CWE-749 |
|
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-26T21:13:05.913Z
Updated: 2024-09-27T18:13:04.491Z
Reserved: 2024-09-19T22:32:11.962Z
Link: CVE-2024-47176
Vulnrichment
No data.
NVD
Status : Received
Published: 2024-09-26T22:15:04.497
Modified: 2024-09-26T22:15:04.497
Link: CVE-2024-47176
Redhat