Linux Security Updates – 29 September 2024

Several Linux distributions have released advisories and security updates to address a chain of vulnerabilities in OpenPrinting CUPS, specifically in the cups-browsed, libcupsfilters, libppd and cups-filters components.

Chained together, the addressed vulnerabilities could allow an unauthenticated remote attacker to silently replace the IPP URL of an existing printer (or install a new printer) with a malicious one and, when a print job is sent to that printer, execute arbitrary commands on the affected system.

Sample of the addressed vulnerabilities:

1. OpenPrinting libcupsfilters Security Bypass Vulnerability (CVE-2024-47076):

  • CVSS: 8.2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Bypass Security

2. OpenPrinting libppd Command Execution Vulnerability (CVE-2024-47175):

  • CVSS: 7.7
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

3. OpenPrinting cups-browsed Information Disclosure (CVE-2024-47176):

  • CVSS: 7.5
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Obtain Information

It should be highlighted that, at the time of writing, no official upstream fix had been released. Where cups-browsed is not needed, it is recommended to stop and disable the cups-browsed service, and to keep monitoring the CUPS logs for suspicious activity and unauthorized access attempts until the official fix is available.

Vulnerabilities
  • CVE-2024-47176
  • CVE-2024-47076
  • CVE-2024-47175
  • CVE-2024-47177
Mitigations

Enterprises, especially those where printing is unnecessary, should implement the recommended mitigation measures until final patches are released, check with their vendors for available updates, and apply them as soon as testing is complete. Below is a sample of the distributors’ mitigations:
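The two recommendations above (disable cups-browsed where it is not needed, and watch for printers whose IPP URL has been replaced) can be turned into a host check. The script below is an added example written for this page; it is not part of the advisory or of the OpenPrinting project. The ss(8), lpstat(1) and cups-browsed.conf samples are constructed for illustration, the function names are this example's own, and the remediation step only prints the systemctl commands unless CUPS_APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the advisory or OpenPrinting): check a Linux host for the
# conditions the cups-browsed workaround depends on, list print queues whose device
# URI points at a remote IPP host outside an allow-list, and stop/mask cups-browsed.
# All sample data below is constructed; the function names are this example's own.

# 0 if `ss -lunp` output shows a UDP socket on port 631 bound to all interfaces
# (0.0.0.0, * or [::]), i.e. cups-browsed reachable from the network.
udp631_exposed() {
    printf '%s\n' "$1" | grep -E '^UNCONN' \
        | grep -E '(0\.0\.0\.0|\*|\[::\]):631[[:space:]]' >/dev/null
}

# 0 if a cups-browsed.conf text still enables legacy CUPS browsing: the last
# BrowseRemoteProtocols line (shipped default "dnssd cups" when absent) lists "cups".
legacy_browsing_enabled() {
    proto=$(printf '%s\n' "$1" \
        | grep -Ei '^[[:space:]]*BrowseRemoteProtocols[[:space:]]' \
        | tail -n 1 | awk '{ $1 = ""; print }')
    [ -z "$proto" ] && proto="dnssd cups"
    printf '%s\n' "$proto" | grep -Eiw 'cups' >/dev/null
}

# Print "name uri" for each queue in `lpstat -v` output whose device URI is ipp:// or
# ipps:// and whose host is not in the space-separated allow-list $2.
# (Bracketed IPv6 hosts are not handled by the simple host extraction.)
remote_ipp_queues() {
    allow=" $2 "
    printf '%s\n' "$1" | grep -E '^device for ' | while IFS= read -r line; do
        name=${line#device for }; name=${name%%:*}
        uri=${line#*: }
        case "$uri" in ipp://*|ipps://*) ;; *) continue ;; esac
        host=${uri#*://}; host=${host%%/*}; host=${host%%:*}
        case "$allow" in *" $host "*) ;; *) printf '%s %s\n' "$name" "$uri" ;; esac
    done
}

# The advisory's workaround: stop, disable and mask cups-browsed. Commands are only
# printed unless CUPS_APPLY=1, so the plan can be reviewed before it touches the host.
disable_cups_browsed() {
    for cmd in 'systemctl stop cups-browsed' 'systemctl disable cups-browsed' \
               'systemctl mask cups-browsed'; do
        if [ "${CUPS_APPLY:-0}" = "1" ]; then $cmd; else echo "would run: $cmd"; fi
    done
}

# --- constructed samples (not captured from a real host) ---
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0            0.0.0.0:631       0.0.0.0:*    users:(("cups-browsed",pid=812,fd=7))
UNCONN 0      0          127.0.0.1:323       0.0.0.0:*    users:(("chronyd",pid=600,fd=5))'
SS_SAMPLE_HARDENED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0          127.0.0.1:323       0.0.0.0:*    users:(("chronyd",pid=600,fd=5))'
CONF_WEAK='# shipped default: legacy CUPS browsing stays on
BrowseRemoteProtocols dnssd cups'
CONF_HARDENED='BrowseRemoteProtocols none'
LPSTAT_SAMPLE='device for Office_MFP: ipp://print01.corp.example:631/ipp/print
device for Label_Printer: usb://Zebra/ZTC%20GX420d
device for Office_MFP_Temp: ipp://203.0.113.7:631/printers/Office_MFP'

if udp631_exposed "$SS_SAMPLE"; then
    echo "cups-browsed is listening on UDP 631 on all interfaces"
fi
if legacy_browsing_enabled "$CONF_WEAK"; then
    echo "legacy CUPS browsing is enabled in cups-browsed.conf"
fi
echo "queues pointing at IPP hosts outside the allow-list:"
remote_ipp_queues "$LPSTAT_SAMPLE" "print01.corp.example"
disable_cups_browsed
```

On a live host, feed the functions real data instead of the samples: `udp631_exposed "$(ss -lunp)"`, `legacy_browsing_enabled "$(cat /etc/cups/cups-browsed.conf)"` and `remote_ipp_queues "$(lpstat -v)" "<your print servers>"`; a queue appearing in the last list that nobody added is exactly the symptom the advisory describes.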

References