#VU97743 Missing Authorization in cups-browsed - CVE-2024-47176


| Updated: 2024-11-22

Vulnerability identifier: #VU97743

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-47176

CWE-ID: CWE-862

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
cups-browsed
Universal components / Libraries / Libraries used by multiple products

Vendor: OpenPrinting

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authorization. A remote attacker can introduce a malicious printer to the system by sending specially crafted packets to port 631/UDP and then execute arbitrary OS commands on the system when a print job is started.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

cups-browsed: 2.0 rc1 - 2.0.1

External links
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


Latest bulletins with this vulnerability


Anolis OS update for cups
Anolis OS update for cups-filters
Anolis OS update for cups-filters
Multiple vulnerabilities in IBM Cloud Pak for Business Automation
Multiple vulnerabilities in IBM watsonx Assistant for IBM Cloud Pak for Data
Multiple vulnerabilities in IBM Watson CP4D Data Stores
Multiple vulnerabilities in Dell Hybrid Client
Multiple vulnerabilities in IBM Event Endpoint Management
Multiple vulnerabilities in IBM Event Streams
Multiple vulnerabilities in IBM Event Processing