CVE-2014-4338 — Cups-filters vulnerability

CWE-2647 documents7 sources

Severity

4.0MEDIUMNVD

EPSS

0.4%

top 39.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linuxfoundation Cups-filters

Timeline

PublishedJun 22

Latest updateMay 14

Description

cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages2 packages

▶Debianlinuxfoundation/cups-filters< 1.0.53-1+3

▶NVDlinuxfoundation/cups-filters1.0.52

🔴Vulnerability Details

GHSA

GHSA-5hcw-w537-f2mc: cups-browsed in cups-filters before 1↗2022-05-14

▶

OSV

CVE-2014-4338: cups-browsed in cups-filters before 1↗2014-06-22

▶

CVEList

CVE-2014-4338: cups-browsed in cups-filters before 1↗2014-06-22

▶

📋Vendor Advisories

Red Hat

cups-filters: unsupported BrowseAllow value lets cups-browsed accept from all hosts↗2014-04-25

▶

Debian

CVE-2014-4338: cups-filters - cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass int...↗2014

▶

💬Community

Bugzilla

CVE-2014-4338 cups-filters: unsupported BrowseAllow value lets cups-browsed accept from all hosts↗2014-04-25

▶