CVERadar

CVE-2024-47175

High Severity
SVRS: 40/100
CVSSv3: NA/10
EPSS: 0.26037/1

CVE-2024-47175 in CUPS libppd allows for potential code execution due to insufficient sanitization of IPP attributes. The ppdCreatePPDFromIPP2 function's failure to sanitize IPP attributes during PPD buffer creation, especially when combined with functions like cfGetPrinterAttributes5, can lead to user-controlled input. While it has a CVSS score of 0, indicating minimal direct impact, SOCRadar's Vulnerability Risk Score (SVRS) of 40 suggests a moderate risk, indicating some exploitability. This vulnerability is significant as it can be a component in a more complex exploit chain, potentially leading to remote code execution (RCE) when combined with other vulnerabilities like CVE-2024-47176. The vulnerability is also tagged as In The Wild, which means it has been observed being exploited, and requires monitoring. Although not critical on its own, its role in enabling RCE makes it a priority for patching, especially in environments utilizing CUPS for printing services. Immediate investigation and application of relevant security patches are advised.

In The Wild
2024-09-26

2024-09-30
SOCRadar AI Insight

Description

CVE-2024-47175 is a vulnerability in CUPS, an open-source printing system. The vulnerability allows an attacker to execute arbitrary code on a vulnerable system by exploiting a flaw in the libppd function ppdCreatePPDFromIPP2. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.

Key Insights

  • The SVRS for CVE-2024-47175 is 52, indicating a moderate level of severity.
  • The vulnerability is actively exploited in the wild by unknown threat actors.
  • The vulnerability can be exploited remotely, making it a high-risk threat.
  • The vulnerability can lead to remote code execution, giving attackers complete control over the affected system.

Mitigation Strategies

  • Update CUPS to the latest version.
  • Disable the libppd module if it is not needed.
  • Restrict access to the affected system from untrusted networks.
  • Implement a web application firewall (WAF) to block malicious requests.

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

Type | Indicator | Date
HASH | a6df1903658bcb123c38a4a928f80e2a81b617e1 | 2024-09-28

Exploits

No exploits found for this CVE


News

FYSA – Critical RCE Flaw in GNU-Linux Systems - Security Intelligence
2024-09-26
Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare, and government Geolocation: Global, with
New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online - Information Security Buzz
2024-10-07
Akamai researchers have identified a critical vulnerability in the Common Unix Printing System (CUPS) that could allow malicious actors to initiate powerful distributed denial-of-service (DDoS) attacks with minimal resources. Approximately 58,000 exposed devices are potentially at risk, posing a serious threat to internet stability. This discovery adds to the growing list of vulnerabilities in outdated technology that can be abused by malefactors. The Akamai team revealed that over 198,000 devices connected to the internet are vulnerable to this
Cups Linux printing bugs open door to DDoS attacks, says Akamai - ComputerWeekly.com
2024-10-04
A series of four vulnerabilities in the Common Unix Printing System, or Cups, leading to remote code execution (RCE) appear to contain a nasty sting in their tail, according to researchers at Akamai, who earlier this week published evidence that they could also enable a crippling distributed denial of service (DDoS) attack. CVE-2024-47176, CVE-2024-47076, CVE-2024-47175 and CVE-2024-47177 collectively affect more than 76,000 devices and possibly many more. They were discovered and disclosed at the end of September
Cloudflare reports record-breaking 3.8Tbps DDoS attack - Computing
2024-10-04
Launched by a network of compromised devices spread across the globe Internet infrastructure company Cloudflare says it has successfully mitigated the largest publicly recorded distributed denial-of-service (DDoS) attack to date, peaking at massive 3.8 terabits per second (Tbps). The month-long campaign targeted organisations in the financial services, telecommunications sectors and internet, Cloudflare disclosed. "This attack campaign targets bandwidth saturation as well as resource exhaustion of in-line applications and devices," it added. DDoS attacks typically rely on vast networks of compromised devices (botnets) or exploit amplification
Decade-Old Linux Vulnerability Can Be Exploited for DDoS Attacks on CUPS - HackRead
2024-10-02
This article explores the Linux vulnerability discovered by Simone Margaritelli, which, according to cybersecurity companies Uptycs and Akamai, can be exploited for additional malicious purposes, including RCE and DDoS attacks against the Common Unix Printing System (CUPS). Hackread.com recently reported a critical Linux vulnerability, discovered by cybersecurity researcher Simone Margaritelli (aka evilsocket), which could allow attackers to gain complete control of GNU/Linux systems, potentially allowing Linux Remote code execution. This decade-old flaw affects all GNU/Linux systems and has a severity score of 9.9 out
DDoS attacks can be amplified by CUPS flaw - TechRadar
2024-10-04
The recently-revealed Common UNIX Printing System (CUPS) security flaw may be even worse than expected following new claims it can be abused to amplify distributed denial of service (DDoS) attacks. Researchers from Akamai have claimed the attacks can have an amplification factor of 600x - for an average attack, a worrying prospect for victims everywhere. CUPS is an open-source printing system developed by Apple for Unix-like operating systems, including Linux and macOS. It provides a standardized way to manage print jobs and queues, supporting both local and
DDoS attacks can be amplified by CUPS flaw
2024-10-04
RCE is not the only way to abuse the recently-uncovered CUPS flaw - it can also run powerful DDoS campaigns. The recently-revealed Common UNIX Printing System (CUPS) security flaw may be even worse than expected following new claims it can be abused to amplify distributed denial of service (DDoS) attacks. Researchers from Akamai have claimed the attacks

Social Media

  • Actively exploited CVE: CVE-2024-47175
  • ALERT: If you're still using Linux & haven't updated yet, your system might be compromised by the #CUPS Remote Code Execution Vulnerability (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177). Don't wait - patch it NOW & safeguard your data!
  • CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities https://t.co/WzUZpvETcr https://t.co/OmDunGXClh
  • CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities https://t.co/cdfP0QRYD6 https://t.co/gFapCgl4Gl
  • This video explains a critical vulnerability (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177) in the Common UNIX Printing System (CUPS) that could allow remote code execution (RCE) on affected systems. https://t.co/jFo3Efk2Yv
  • 🚨 Attention Linux users! CVE-2024-47175 poses a critical threat to CUPS. Ensure your system's safety by learning more about this crucial update. Stay secure! 🔒 Visit https://t.co/Z276b2xQVD for details. #CyberSecurity #LinuxUpdates
  • So, have you patched your CUPS yet? Patches available for packages affected by CUPS Remote Code Execution issue Tracked by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177 For more see: https://t.co/We7xIH4WbB
  • 🔍 New Research: "CUPS Overflow - When Your Printer Spills More than Ink" 🖨️ At @elasticseclabs, we are dedicated to swiftly addressing critical security threats. In response to @evilsocket's #CUPS vulnerabilities (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177),
  • 🚨 Alert: A critical vulnerability in libppd, CVE-2024-47175, could enable remote code execution via crafted PPD files. Stay safe! Update now! More details: https://t.co/Z276b2xQVD #CyberSecurity #LinuxSecurity
  • ⚠️ CUPS Vulnerability (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177) Read #AquaNautilus' blog for: • A current overview of the CUPS vulnerabilities and their conditions. • Steps to check if your system is at risk. • How Aqua can help block and identify

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
[email protected] | https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
[email protected] | https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
[email protected] | https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
[email protected] | https://www.cups.org
[email protected] | https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
GITHUB | https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
GITHUB | https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
GITHUB | https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
GITHUB | https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6

CWE Details

CWE ID | CWE Name | Description
CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
