CVERadar

CVE-2024-47076

Medium Severity
SVRS: 36/100
CVSSv3: NA/10
EPSS: 0.79156/1

CVE-2024-47076 in libcupsfilters allows attackers to inject controlled data into the CUPS printing system by exploiting a lack of sanitization in the cfGetPrinterAttributes5 function. This vulnerability can lead to serious security breaches by allowing malicious data to be used in critical system processes. With an SVRS of 36, CVE-2024-47076 presents a moderate risk requiring monitoring and potential mitigation. Although the CVSS score is 0, the SVRS considers real-world threat intelligence, indicating potential exploitability. The lack of sanitization of IPP attributes means that attacker-controlled data can be introduced when, for instance, generating a PPD file. This can compromise the entire CUPS system, potentially enabling further attacks. Because this vulnerability is 'In The Wild', it should be addressed promptly to minimize the risk of exploitation. Mitigation steps should include applying the latest patches and carefully reviewing IPP attribute handling.

In The Wild
2024-09-26

2024-09-30
SOCRadar
AI Insight

Description

CVE-2024-47076 is a vulnerability in libcupsfilters, a library used by CUPS, an open-source printing system. The vulnerability allows an attacker to provide attacker-controlled data to the CUPS system by exploiting the cfGetPrinterAttributes5 function, which does not sanitize IPP attributes returned from an IPP server. This could lead to various attacks, such as remote code execution or information disclosure. The SVRS for this vulnerability is 46, indicating a moderate level of severity.

Key Insights

  • The vulnerability can be exploited remotely, allowing attackers to target systems without requiring physical access.
  • The vulnerability can lead to various attacks, including remote code execution and information disclosure.
  • The vulnerability is actively exploited in the wild, indicating that attackers are aware of it and are actively using it to target systems.

Mitigation Strategies

  • Update CUPS to the latest version, which includes a fix for this vulnerability.
  • Disable the affected function, cfGetPrinterAttributes5, if possible.
  • Implement additional security measures, such as firewalls and intrusion detection systems, to protect against potential attacks.

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about this vulnerability, calling for immediate and necessary measures.
  • Threat actors, including unknown and shadow, are actively exploiting this vulnerability.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

Type | Indicator | Date
HASH | a6df1903658bcb123c38a4a928f80e2a81b617e1 | 2024-09-28

Exploits

No exploits found for this CVE

News

FYSA – Critical RCE Flaw in GNU-Linux Systems - Security Intelligence
2024-09-26
FYSA – Critical RCE Flaw in GNU-Linux Systems - Security Intelligence | News Content: Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare, and government Geolocation: Global, with
New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online - Information Security Buzz
2024-10-07
New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online - Information Security Buzz | News Content: Akamai researchers have identified a critical vulnerability in the Common Unix Printing System (CUPS) that could allow malicious actors to initiate powerful distributed denial-of-service (DDoS) attacks with minimal resources. Approximately 58,000 exposed devices are potentially at risk, posing a serious threat to internet stability. This discovery adds to the growing list of vulnerabilities in outdated technology that can be abused by malefactors. The Akamai team revealed that over 198,000 devices connected to the internet are vulnerable to this
USN-7043-4: cups-filters vulnerabilities
2024-10-09
USN-7043-4: cups-filters vulnerabilities | USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the fix for CVE-2024-47176 by removing support for the legacy CUPS printer discovery protocol entirely. Original advisory details: Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy
Cups Linux printing bugs open door to DDoS attacks, says Akamai - ComputerWeekly.com
2024-10-04
Cups Linux printing bugs open door to DDoS attacks, says Akamai - ComputerWeekly.com | News Content: A series of four vulnerabilities in the Common Unix Printing System, or Cups, leading to remote code execution (RCE) appear to contain a nasty sting in their tail, according to researchers at Akamai, who earlier this week published evidence that they could also enable a crippling distributed denial of service (DDoS) attack. CVE-2024-47176, CVE-2024-47076, CVE-2024-47175 and CVE-2024-47177 collectively affect more than 76,000 devices and possibly many more. They were discovered and disclosed at the end of September
Cloudflare reports record-breaking 3.8Tbps DDoS attack - Computing
2024-10-04
Cloudflare reports record-breaking 3.8Tbps DDoS attack - Computing | News Content: Launched by a network of compromised devices spread across the globe Internet infrastructure company Cloudflare says it has successfully mitigated the largest publicly recorded distributed denial-of-service (DDoS) attack to date, peaking at massive 3.8 terabits per second (Tbps). The month-long campaign targeted organisations in the financial services, telecommunications sectors and internet, Cloudflare disclosed. "This attack campaign targets bandwidth saturation as well as resource exhaustion of in-line applications and devices," it added. DDoS attacks typically rely on vast networks of compromised devices (botnets) or exploit amplification
Decade-Old Linux Vulnerability Can Be Exploited for DDoS Attacks on CUPS - HackRead
2024-10-02
Decade-Old Linux Vulnerability Can Be Exploited for DDoS Attacks on CUPS - HackRead | News Content: This article explores the Linux vulnerability discovered by Simone Margaritelli, which, according to cybersecurity companies Uptycs and Akamai, can be exploited for additional malicious purposes, including RCE and DDoS attacks against the Common Unix Printing System (CUPS). Hackread.com recently reported a critical Linux vulnerability, discovered by cybersecurity researcher Simone Margaritelli (aka evilsocket), which could allow attackers to gain complete control of GNU/Linux systems, potentially allowing Linux Remote code execution. This decade-old flaw affects all GNU/Linux systems and has a severity score of 9.9 out
DDoS attacks can be amplified by CUPS flaw - TechRadar
2024-10-04
DDoS attacks can be amplified by CUPS flaw - TechRadar | News Content: The recently-revealed Common UNIX Printing System (CUPS) security flaw may be even worse than expected following new claims it can be abused to amplify distributed denial of service (DDoS) attacks. Researchers from Akamai have claimed the attacks can have an amplification factor of 600x - for an average attack, a worrying prospect for victims everywhere. CUPS is an open-source printing system developed by Apple for Unix-like operating systems, including Linux and macOS. It provides a standardized way to manage print jobs and queues, supporting both local and

Social Media

ALERT: If you're still using Linux & haven't updated yet, your system might be compromised by the #CUPS Remote Code Execution Vulnerability (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177). Don't wait - patch it NOW & safeguard your data!
Actively exploited CVE : CVE-2024-47076
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities https://t.co/WzUZpvETcr https://t.co/OmDunGXClh
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities https://t.co/cdfP0QRYD6 https://t.co/gFapCgl4Gl
This video explains a critical vulnerability (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177) in the Common UNIX Printing System (CUPS) that could allow remote code execution (RCE) on affected systems. https://t.co/jFo3Efk2Yv
🚨 Millions of Kia vehicles at risk of remote hacks via license plates! 🚗💥 Stay vigilant & update systems promptly. 🔗 https://t.co/niQiRsIhs0 #Cybersecurity 🚨 Critical Unix CUPS vulnerabilities (CVE-2024-47076, -47175, -47177) enable remote code execution. Immediate
Have you patched your CUPS yet? Patches available for packages affected by CUPS Remote Code Execution issue Tracked by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177 For more see: https://t.co/We7xIH4WbB
🔍 New Research: "CUPS Overflow - When Your Printer Spills More than Ink" 🖨️ At @elasticseclabs, we are dedicated to swiftly addressing critical security threats. In response to @evilsocket's #CUPS vulnerabilities (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177),
⚠️ CUPS Vulnerability (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177) Read #AquaNautilus' blog for: • A current overview of the CUPS vulnerabilities and their conditions. • Steps to check if your system is at risk. • How Aqua can help block and identify
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities https://t.co/vw1475jsoS https://t.co/FbUYZ6KaFY

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
[email protected] | https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
[email protected] | https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
[email protected] | https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
[email protected] | https://www.cups.org
[email protected] | https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
GITHUB | https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
GITHUB | https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
GITHUB | https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
GITHUB | https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6

CWE Details

CWE ID | CWE Name | Description
CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
