CVERadar

CVE-2024-47176

High Severity
SVRS: 46/100
CVSSv3: NA/10
EPSS: 0.91689/1

CVE-2024-47176 is a critical vulnerability in CUPS cups-browsed that could allow unauthenticated remote command execution. Due to its insecure network handling, an attacker can manipulate printing attributes and potentially compromise the system. The CUPS vulnerability, CVE-2024-47176, arises from cups-browsed binding to all network interfaces, trusting any incoming packet, and enabling manipulation of Get-Printer-Attributes requests. While the CVSS score is 0, indicating a flaw in its calculation for this context, the SOCRadar Vulnerability Risk Score (SVRS) is 46, reflecting a moderate risk level, and there are existing exploits available. This means active exploitation is possible, and when combined with other vulnerabilities like CVE-2024-47076, CVE-2024-47175 and CVE-2024-47177, a malicious printer can execute arbitrary commands remotely without authentication. The vulnerability poses a significant security risk, especially in environments where network printing is prevalent, because attackers can potentially gain complete control of the affected systems. While the SVRS is below the critical threshold of 80, the existence of active exploits means immediate patching and mitigation strategies are warranted.

In The Wild
Exploit Available
2024-09-26

2024-10-02
SOCRadar
AI Insight

Description

CVE-2024-47176 is a critical vulnerability in CUPS, an open-source printing system. It allows an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.

Key Insights

  • The CVSS score of 8.3 indicates that this vulnerability is considered high risk.
  • The SVRS score of 48 indicates that this vulnerability is considered critical and requires immediate action.
  • Active exploits for this vulnerability have been published.
  • Threat actors, including unknown and shadow, are actively using this vulnerability.

Mitigation Strategies

  • Update CUPS to the latest version.
  • Disable the CUPS service if it is not needed.
  • Restrict access to the CUPS service to trusted hosts only.
  • Monitor network traffic for suspicious activity.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

Type | Indicator | Date
HASH | a6df1903658bcb123c38a4a928f80e2a81b617e1 | 2024-09-28

Exploits

Title | Software Link | Date
GO0dspeed/spill | https://github.com/GO0dspeed/spill | 2024-09-27
l0n3m4n/CVE-2024-47176 | https://github.com/l0n3m4n/CVE-2024-47176 | 2024-10-03
AxthonyV/CVE-2024-47176 | https://github.com/AxthonyV/CVE-2024-47176 | 2024-10-07

News

Understanding CVE-2024-47176: Mitigating CUPS Vulnerabilities | UpGuard
2025-01-17
Understanding CVE-2024-47176: Mitigating CUPS Vulnerabilities | UpGuard | Learn how to detect and mitigate CUPS vulnerabilities, including CVE-2024-47176.
upguard.com
Daily Summary - 09.10.2024
CERT.at, 2024-12-02
Daily Summary - 09.10.2024 | End-of-Day report Timeframe: Tuesday 08-10-2024 18:00 - Wednesday 09-10-2024 18:00 Handler: Alexander Riepl Co-Handler: n/a News Two never-before-seen tools, from same group, infect air-gapped devices It's hard enough creating one air-gap-jumping tool. GoldenJackal did it 2x in 5 years. https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/ European govt air-gapped systems breached
cert.at
Metasploit Weekly Wrap-up 11/29/2024
Christopher Granleese, 2024-11-29
Metasploit Weekly Wrap-up 11/29/2024 | Four new Metasploit modules released, including CUPS IPP Attributes LAN Remote Code Execution CVE-2024-47176. New module content (4) Acronis Cyber Protect/Backup machine info disclosure Authors: Sandro Tolksdorf of usd AG. and h00die-gr3y Type: Auxiliary Pull request:
rapid7.com
FYSA – Critical RCE Flaw in GNU-Linux Systems - Security Intelligence
2024-09-26
FYSA – Critical RCE Flaw in GNU-Linux Systems - Security Intelligence | News Content: Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare, and government Geolocation: Global, with
google.com
New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online - Information Security Buzz
2024-10-07
New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online - Information Security Buzz | News Content: Akamai researchers have identified a critical vulnerability in the Common Unix Printing System (CUPS) that could allow malicious actors to initiate powerful distributed denial-of-service (DDoS) attacks with minimal resources. Approximately 58,000 exposed devices are potentially at risk, posing a serious threat to internet stability. This discovery adds to the growing list of vulnerabilities in outdated technology that can be abused by malefactors. The Akamai team revealed that over 198,000 devices connected to the internet are vulnerable to this
google.com
USN-7043-4: cups-filters vulnerabilities
2024-10-09
USN-7043-4: cups-filters vulnerabilities | USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the fix for CVE-2024-47176 by removing support for the legacy CUPS printer discovery protocol entirely. Original advisory details: Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy
ubuntu.com
Ubuntu Security Notice USN-7043-4
2024-10-09
Ubuntu Security Notice USN-7043-4 | Ubuntu Security Notice 7043-4 - USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the fix for CVE-2024-47176 by removing support for the legacy CUPS printer discovery protocol entirely. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for

Social Media

Our experts regularly update Core Impact's certified #exploit library. Get details on the latest additions, including CVE-2024-6769, CVE-2024-36401, CVE-2024-47176, CVE-2024-38054, CVE-2024-26230, CVE-2024-0799, CVE-2024-0800, and more. https://t.co/DziZgG9ccw https://t.co/gveK7yCCz6
"Cracking open the 'CUPS of chaos' with CVE-2024-47176. One crafty packet punches a 600x DDoS amplification. Still running 2007's CUPS version? @CyberSecPro, surely not! Patch or prepare for a botnet brewing in your backyard. #CyberSecurity #DDoS #UnixVulnerability #TimeToPatch" https://t.co/CY1EMexXwZ
Understanding CVE-2024-47176: Mitigating CUPS Vulnerabilities | UpGuard https://t.co/4J9RlQJPf1
Actively exploited CVE : CVE-2024-47176
Ubuntu Security Notice USN-7043-4: Ubuntu Security Notice 7043-4 - USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the fix for CVE-2024-47176 by removing support for the legacy CUPS printer discovery protocol entirely. Simone… https://t.co/jy5gG9pJLW
#NEW #SHARE An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. https://t.co/zCI07H0xCi
ALERT: If you're still using Linux & haven't updated yet, your system might be compromised by the #CUPS Remote Code Execution Vulnerability (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177). Don't wait - patch it NOW & safeguard your data!
🔰 Scan for CVE-2024-47176 (CUPS - Remote Code Execution) with Nuclei Nuclei Template: https://t.co/OY9s33ZEpU #bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding https://t.co/Vv3e6W35IY
Critical CUPS vulnerability (CVE-2024-47176) exposes Unix systems to 600x amplified DDoS attacks and remote code execution via a single UDP packet. Patch available. More details here: https://t.co/Bps3lH3Y66 #CUPS #Unix #InfoSec
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities https://t.co/WzUZpvETcr https://t.co/OmDunGXClh

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/OpenPrinting/cups-browsed/blob/master/daemon/cups-browsed.c#L13992
[email protected] | https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
[email protected] | https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
[email protected] | https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
[email protected] | https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
[email protected] | https://www.cups.org
[email protected] | https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
GITHUB | https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
GITHUB | https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
GITHUB | https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
GITHUB | https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6

CWE Details

CWE ID | CWE Name | Description
CWE-749 | Exposed Dangerous Method or Function | The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-1327 | Binding to an Unrestricted IP Address | The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
