CVE-2024-47176 : CUPS is a standards-based, open-source printing system, and `cups-browsed` conta

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.

Published 2024-09-26 21:13:06

Updated 2024-10-02 20:15:12

Source GitHub, Inc.

View at NVD, CVE.org

Products affected by CVE-2024-47176

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-47176

EPSS FAQ

91.69%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2024-47176

CUPS IPP Attributes LAN Remote Code Execution

Disclosure Date: 2024-09-26

First seen: 2024-11-24

exploit/multi/misc/cups_ipp_remote_code_execution

This module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a pri

More information

CVSS scores for CVE-2024-47176

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.4	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H	N/A	N/A	GitHub, Inc.	2024-09-26
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High
8.3	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H	1.6	6.0	GitHub, Inc.	2024-09-26
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	3.9	1.4	GitHub, Inc.	2024-10-02
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	N/A	N/A	RedHat-CVE-2024-47176	2024-09-27
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2024-47176

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- a0819718-46f1-4df5-94e2-005712e83aaa (Primary)
- security-advisories@github.com (Secondary)
CWE-749 Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
Assigned by:
- a0819718-46f1-4df5-94e2-005712e83aaa (Primary)
- security-advisories@github.com (Secondary)
CWE-1327 Binding to an Unrestricted IP Address

The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
Assigned by:
- a0819718-46f1-4df5-94e2-005712e83aaa (Primary)
- security-advisories@github.com (Primary)

References for CVE-2024-47176

https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6

ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer · Advisory · OpenPrinting/libppd · GitHub

CVEs referencing this url
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8

Multiple bugs leading to info leak and remote code execution · Advisory · OpenPrinting/cups-browsed · GitHub

CVEs referencing this url
https://github.com/OpenPrinting/cups-browsed/blob/master/daemon/cups-browsed.c#L13992

cups-browsed/daemon/cups-browsed.c at master · OpenPrinting/cups-browsed · GitHub
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5

cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server · Advisory · OpenPrinting/libcupsfilters · GitHub

CVEs referencing this url
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47

Command injection via FoomaticRIPCommandLine · Advisory · OpenPrinting/cups-filters · GitHub

CVEs referencing this url
https://www.cups.org

CUPS.org

CVEs referencing this url
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I

Attacking UNIX Systems via CUPS, Part I

CVEs referencing this url

Jump to