DIVD-2024-00038 - Remote Code Execution CUPS
Our reference | DIVD-2024-00038 |
Case lead | Dennis Kussendrager |
Researcher(s) | |
CVE(s) | |
Products | |
Versions | |
Recommendation | Update to a non-vulnerable version |
Patch status | Patch available |
Workaround | Disable and remove the cups-browsed service if not needed. Block traffic to UDP port 631 and DNS-SD traffic if not necessary. |
Status | Open |
Last modified | 30 Oct 2024 20:59 CET |
Summary
According to public research, four vulnerabilities (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177) affect various components of the open-source CUPS printing service common to Linux and UNIX systems. When attackers chain these vulnerabilities together, they can remotely run commands on a target web-facing device or on a device on a local network they can already access.
Recommendations
Mitigating the risk from these vulnerabilities requires a combination of proactive measures and real-time defenses. We recommend the following:
- Update the CUPS package.
- Disable and remove the cups-browsed service if not needed.
- Block traffic to UDP port 631 and DNS-SD traffic if not necessary.
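One way to check a host against the last two recommendations. This is an added example, not DIVD's own tooling; it assumes a systemd host with iproute2 `ss`, the function names are hypothetical, and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example: audit a host against the cups-browsed workaround.
# Assumes a systemd host with iproute2 `ss`; function names are hypothetical.

# Constructed sample of `ss -H -lun` output (column 4 is the local address).
SAMPLE_SS='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 [::1]:631 [::]:*'

# Read `ss -H -lun` lines on stdin and print every local address that is
# bound to UDP port 631 on something other than loopback.
exposed_udp_631() {
    awk '{
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]                       # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port != "631") next
        if (host ~ /^127\./ || host == "[::1]") next   # loopback only
        print addr
    }'
}

# Check the live host: returns 1 if cups-browsed runs or UDP 631 is exposed.
audit_host() {
    status=0
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet cups-browsed; then
        echo "cups-browsed is active (systemctl disable --now cups-browsed)"
        status=1
    fi
    if command -v ss >/dev/null 2>&1; then
        listeners=$(ss -H -lun | exposed_udp_631)
        if [ -n "$listeners" ]; then
            echo "UDP 631 bound beyond loopback: $listeners"
            status=1
        fi
    fi
    return "$status"
}

# Demonstrate the parser on the constructed sample; prints 0.0.0.0:631.
printf '%s\n' "$SAMPLE_SS" | exposed_udp_631
```

Call `audit_host` on the machine being checked; a non-zero return means at least one of the two workaround conditions is not met.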
What we are doing
DIVD is currently working to identify parties that are running a vulnerable version of CUPS and to notify these parties. We do this by looking at the version numbers if possible.
Timeline
Date | Description |
---|---|
17 Oct 2024 | DIVD starts researching the vulnerability. |
17 Oct 2024 | DIVD finds fingerprint, preparing to scan. |
17 Oct 2024 | Case opened and starting first scan. |
More information
- CVE-2024-47076
- CVE-2024-47176
- CVE-2024-47175
- CVE-2024-47177
- National Vulnerability Database for CVE-2024-47076