Service Advisory
Multiple security vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177) have been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. A proof of concept for these vulnerabilities has been released, and there have been reports of attempted exploitation in the wild. The Information Security team will provide further updates as more information becomes available.
CVSS Score: 8.3-9/High-Critical
Description: Common UNIX Printing System (CUPS) is an open-source printing system that allows a computer to act as a print server. It manages print jobs and queues and provides support for printing via the Internet Printing Protocol (IPP), making it a widely used printing service on UNIX-like operating systems, including Linux and macOS. If the cups-browsed daemon is enabled, which is not the case on most systems, it listens on UDP port 631. By default, it also allows remote connections from any device on the network to create a new printer.
Affected Versions: All GNU/Linux systems.
ArchLinux, Debian, Fedora, Red Hat Enterprise Linux (RHEL), ChromeOS, FreeBSD, NetBSD, OpenBSD, openSUSE.
Impact: If exploited, these vulnerabilities could lead to remote code execution.
Resolution: No patches are available right now.
Mitigation: Disable and remove the cups-browsed service if it is not required.
Block UDP port 631 on the local firewall.
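One way to verify and apply the two mitigations above, added here as an example and not part of the original advisory. It assumes a host with systemd (`systemctl`), iproute2 (`ss`) and `iptables`; the function names and the sample `ss` lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: assumes systemd (systemctl), iproute2 (ss) and iptables.

# Constructed sample of `ss -H -lun` output, for offline use.
SAMPLE_EXPOSED='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 [::]:5353 [::]:*'

# Read `ss -lun` output on stdin and classify any UDP 631 listener:
#   network  - bound to a wildcard or non-loopback address
#   loopback - bound only to 127.0.0.0/8 or [::1]
#   none     - nothing listening on UDP 631
classify_udp631() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /:631$/) {          # local address column
                    addr = $i
                    sub(/:631$/, "", addr)
                    if (addr ~ /^127\./ || addr == "[::1]") { lo = 1 } else { net = 1 }
                    break
                }
            }
        }
        END { print (net ? "network" : (lo ? "loopback" : "none")) }
    '
}

# Report service state and listener exposure on the live host.
check_host() {
    state=$(systemctl is-active cups-browsed 2>/dev/null || true)
    exposure=$(ss -H -lun 2>/dev/null | classify_udp631)
    echo "cups-browsed: ${state:-unknown}; UDP 631 listener: $exposure"
}

# Apply the advisory's mitigations (run as root).
mitigate() {
    systemctl disable --now cups-browsed
    iptables -I INPUT -p udp --dport 631 -j DROP
}

case "${1:-}" in
    --check) check_host ;;
    --apply) mitigate; check_host ;;
esac
```

Run with `--check` before and after `--apply`; once cups-browsed is stopped, the listener should report `none`. Removing the package itself is distribution-specific and is left to the host's package manager.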
Reference:
https://www.redhat.com/en/blog/red-hat-response-openprinting-cups-vulnerabilities
https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/
https://nvd.nist.gov/vuln/detail/CVE-2024-47177
https://nvd.nist.gov/vuln/detail/CVE-2024-47176
https://nvd.nist.gov/vuln/detail/CVE-2024-47175
https://nvd.nist.gov/vuln/detail/CVE-2024-47076
CUPS Printing Systems Remote Code Execution Vulnerability (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, & CVE-2024-47177) – Qualys ThreatPROTECT
UIT Information Security Team
Contact
Client Services at askit@yorku.ca or 416 736 5800