CVE-2024-47176 cups-browsed bugs and other bugs can combine, leading to info leak and remote code execution

2024-09-2621:13:05

CWE-749

CWE-20

CWE-1327

GitHub_M

www.cve.org

cups

printing system

info leak

remote code execution

network printing

cups-browsed

ipp request

service binding

security risk

public internet

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

Percentile

14.9%

JSON

CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDR_ANY:631, causing it to trust any packet from any source, and can cause the Get-Printer-Attributes IPP request to an attacker controlled URL.

Due to the service binding to *:631 ( INADDR_ANY ), multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.

CNA Affected

[
  {
    "vendor": "OpenPrinting",
    "product": "cups-browsed",
    "versions": [
      {
        "version": "= 2.0.1",
        "status": "affected"
      }
    ]
  }
]