CVE-2024-47176
Published: 2024-09-26
Priority: P184 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV, Initial access
Exploited in the wild
EPSS: 62.27% (99.1th percentile)
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to be sent to an attacker-controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
Affected
44 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 2.3.3op2-3+deb11u10 | 2.3.3op2-3+deb11u10 |
| apple | cups | >= 0 < 2.3.3op2-3+deb11u9 | 2.3.3op2-3+deb11u9 |
| apple | cups | >= 0 < 2.4.2-3+deb12u9 | 2.4.2-3+deb12u9 |
| apple | cups | >= 0 < 2.4.2-3+deb12u8 | 2.4.2-3+deb12u8 |
| apple | cups | >= 0 < 2.4.10-3+deb13u1 | 2.4.10-3+deb13u1 |
| apple | cups | >= 0 < 2.4.10-2 | 2.4.10-2 |
| apple | cups | >= 0 < 2.4.10-4 | 2.4.10-4 |
| apple | cups | >= 0 < 2.4.10-2 | 2.4.10-2 |
| debian | cups | < cups 2.4.2-3+deb12u8 (bookworm) | cups 2.4.2-3+deb12u8 (bookworm) |
| debian | cups | < cups 2.4.2-3+deb12u9 (bookworm) | cups 2.4.2-3+deb12u9 (bookworm) |
| debian | cups-filters | < cups-filters 1.28.17-3+deb12u1 (bookworm) | cups-filters 1.28.17-3+deb12u1 (bookworm) |
| debian | cups-filters | — | — |
| debian | debian_linux | — | — |
| debian | libppd | < cups 2.4.2-3+deb12u8 (bookworm) | cups 2.4.2-3+deb12u8 (bookworm) |
| chrome_chrome | — | — | — |
| linuxfoundation | cups-filters | >= 0 < 1.28.7-1+deb11u3 | 1.28.7-1+deb11u3 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-3+deb12u1 | 1.28.17-3+deb12u1 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-5 | 1.28.17-5 |
| linuxfoundation | cups-filters | >= 0 < 1.28.17-5 | 1.28.17-5 |
| linuxfoundation | cups-filters | >= 0 < 1.27.4-1ubuntu0.4 | 1.27.4-1ubuntu0.4 |
| linuxfoundation | cups-filters | >= 0 < 1.27.4-1ubuntu0.3 | 1.27.4-1ubuntu0.3 |
| linuxfoundation | cups-filters | >= 0 < 1.28.15-0ubuntu1.4 | 1.28.15-0ubuntu1.4 |
| linuxfoundation | cups-filters | >= 0 < 1.28.15-0ubuntu1.3 | 1.28.15-0ubuntu1.3 |
| linuxfoundation | cups-filters | >= 0 < 1.8.3-2ubuntu3.5+esm2 | 1.8.3-2ubuntu3.5+esm2 |
| msrc | azl3_cups_1.28.17-3_on_azure_linux_3.0 | — | — |
Detection & IOCs
sigma
process where host.os.type == "linux" and event.type == "start" and
event.action == "exec" and process.parent.name == "foomatic-rip" and
process.name in ("bash", "dash", "sh", "tcsh", "csh", "zsh", "ksh", "fish")
and not process.command_line like ("*/tmp/foomatic-*", "*-sDEVICE=ps2write*")

sigma
process where host.os.type == "linux" and event.type == "start" and
event.action == "exec" and user.name == "lp" and
process.parent.name in ("cupsd", "foomatic-rip", "bash", "dash", "sh",
"tcsh", "csh", "zsh", "ksh", "fish") and process.name in ("bash", "dash",
"sh", "tcsh", "csh", "zsh", "ksh", "fish") and not process.command_line
like ("*/tmp/foomatic-*", "*-sDEVICE=ps2write*")

- Monitor for foomatic-rip spawning any shell process (bash, dash, sh, tcsh, csh, zsh, ksh, fish) on Linux — this is highly anomalous and a strong indicator of CVE-2024-47176 exploitation chain activity.
- Alert on any process execution by the `lp` user that spawns a shell; the lp user is the default printing group and is the execution context for CUPS RCE payloads.
- Detect file writes to /tmp/ by the `lp` user, as PoC exploits commonly write payloads there as a first-stage indicator.
- Monitor for outbound network connections initiated by child processes of foomatic-rip; legitimate print operations do not establish outbound connections.
- Watch for unsolicited inbound UDP packets to port 631 from external/untrusted sources — this is the initial attack vector for CVE-2024-47176.
- Detect CUPS servers generating repeated or looping IPP/HTTP requests to external hosts after receiving a single UDP probe — indicative of DDoS amplification abuse of CVE-2024-47176.
- Hunt for the FoomaticRIPCommandLine directive appearing in PPD files written to disk — its presence indicates attacker-injected command execution payloads.
- The lp user on many default Linux configurations has access to commands not required for printing (e.g., telnet), broadening post-exploitation capability.
- Interactive reverse shells are not immediately available via this exploit because the lp user has no login shell, but creative techniques can still achieve this.
- Approximately 58,000 out of 198,000+ exposed CUPS servers are estimated to be recruitable for DDoS amplification with a 600x amplification factor via a single UDP packet.
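
The two process queries above, re-expressed as an added example (not code from any of the sources this page quotes) so their logic can be tested offline against exported process telemetry. It assumes events are ECS-shaped nested dicts; the function names and the sample events are constructed for illustration.

```python
from fnmatch import fnmatchcase

SHELLS = {"bash", "dash", "sh", "tcsh", "csh", "zsh", "ksh", "fish"}
# Command-line patterns excluded by both queries (copied from the queries above).
BENIGN_CMDLINE = ("*/tmp/foomatic-*", "*-sDEVICE=ps2write*")


def _get(event, dotted, default=None):
    """Read a dotted field such as 'process.parent.name' from a nested dict."""
    cur = event
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def _has(value, wanted):
    """ECS fields like event.type may be a string or a list of strings."""
    if isinstance(value, (list, tuple)):
        return wanted in value
    return value == wanted


def _is_linux_exec(event):
    return (_get(event, "host.os.type") == "linux"
            and _has(_get(event, "event.type"), "start")
            and _has(_get(event, "event.action"), "exec"))


def _benign_cmdline(event):
    # Choice made for this example: an event with no command line is treated
    # as not excluded, so it is still flagged for review.
    cmd = _get(event, "process.command_line") or ""
    return any(fnmatchcase(cmd, pattern) for pattern in BENIGN_CMDLINE)


def foomatic_rip_shell(event):
    """First query: foomatic-rip is the direct parent of a shell."""
    return (_is_linux_exec(event)
            and _get(event, "process.parent.name") == "foomatic-rip"
            and _get(event, "process.name") in SHELLS
            and not _benign_cmdline(event))


def lp_user_shell(event):
    """Second query: user lp starts a shell under cupsd, foomatic-rip or a shell."""
    parents = SHELLS | {"cupsd", "foomatic-rip"}
    return (_is_linux_exec(event)
            and _get(event, "user.name") == "lp"
            and _get(event, "process.parent.name") in parents
            and _get(event, "process.name") in SHELLS
            and not _benign_cmdline(event))


RULES = {"foomatic_rip_shell": foomatic_rip_shell, "lp_user_shell": lp_user_shell}


def triage(events):
    """Return [(event index, [matching rule names])] for events that match a rule."""
    hits = []
    for index, event in enumerate(events):
        names = [name for name, rule in RULES.items() if rule(event)]
        if names:
            hits.append((index, names))
    return hits


def ev(parent, name, user, cmd, etype="start", os_type="linux"):
    """Build one constructed ECS-style process event."""
    return {"host": {"os": {"type": os_type}},
            "event": {"type": etype, "action": "exec"},
            "user": {"name": user},
            "process": {"name": name, "command_line": cmd,
                        "parent": {"name": parent}}}


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ev("foomatic-rip", "sh", "lp", "sh -c echo constructed-marker"),
    ev("foomatic-rip", "sh", "lp",
       "sh -c gs -q -sDEVICE=ps2write -sOutputFile=- /tmp/foomatic-Ab12"),
    ev("cupsd", "bash", "lp", "bash -c date"),
    ev("foomatic-rip", "gs", "lp", "gs -q -sDEVICE=pdfwrite"),
    ev("bash", "sh", "alice", "sh -c ls"),
    ev("foomatic-rip", "dash", "root", None, etype=["start"]),
    ev("foomatic-rip", "sh", "lp", "sh -c echo x", os_type="windows"),
]

if __name__ == "__main__":
    for index, names in triage(SAMPLE_EVENTS):
        print(index, ", ".join(names))
```
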
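CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| osv | 9.8 | CRITICAL | — |
| vulncheck | 5.3 | MEDIUM | — |
| vendor_debian | 8.6 | HIGH | — |
| vendor_redhat | 8.6 | HIGH | — |
| vendor_ubuntu | 8.6 | HIGH | — |
| vendor_msrc | 7.5 | HIGH | — |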
Red Hat
cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
vendor_redhat·2025-09-11·CVSS 5.3
CVE-2025-58364 [MEDIUM] CWE-476 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be a
Debian
CVE-2025-58364: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik...
vendor_debian·2025·CVSS 5.3
CVE-2025-58364 [MEDIUM] CVE-2025-58364: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik...
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The curren
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-47176
vendor_chrome·2024-10-29·CVSS 5.3
CVE-2024-47176 [MEDIUM] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-47176
Stable Channel Update for ChromeOS / ChromeOS Flex
CVE-2024-47176
Ubuntu
cups-browsed vulnerability
vendor_ubuntu·2024-10-21
CVE-2024-47176 cups-browsed vulnerability
Title: cups-browsed vulnerability
Summary: cups-browsed could be made to run programs if it received specially crafted
network traffic.
USN-7042-2 released an improved fix for cups-browsed. This update provides
the corresponding update for Ubuntu 24.10.
Original advisory details:
Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, create manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables
support for the legacy CUPS printer discovery protocol.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
cups-filters vulnerabilities
vendor_ubuntu·2024-10-09·CVSS 8.6
CVE-2024-47176 [HIGH] cups-filters vulnerabilities
Title: cups-filters vulnerabilities
Summary: cups-filters could be made to run programs if it received specially crafted
network traffic.
USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the
fix for CVE-2024-47176 by removing support for the legacy CUPS printer
discovery protocol entirely.
Original advisory details:
Simone Margaritelli discovered that the cups-filters cups-browsed
component could be used to create arbitrary printers from outside the
local network. In combination with issues in other printing components, a
remote attacker could possibly use this issue to connect to a system,
create manipulated PPD files, and execute arbitrary code when a printer
is used. This update disables support for the legacy CUPS printer
discovery protocol. (CVE-2024-47176)
Ubuntu
cups-browsed vulnerability
vendor_ubuntu·2024-10-09
CVE-2024-47176 cups-browsed vulnerability
Title: cups-browsed vulnerability
Summary: cups-browsed could be made to run programs if it received specially crafted
network traffic.
USN-7042-1 fixed a vulnerability in cups-browsed. This update improves the
fix by removing support for the legacy CUPS printer discovery protocol
entirely.
Original advisory details:
Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, create manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables
support for the legacy CUPS printer discovery protocol.
Instructions: In general, a standard system update will make all
Microsoft
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability th
vendor_msrc·2024-10-08·CVSS 7.5
CVE-2024-47850 [MEDIUM] CWE-400 CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability th
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in O
Ubuntu
cups-filters vulnerability
vendor_ubuntu·2024-10-07·CVSS 5.3
CVE-2024-47176 [MEDIUM] cups-filters vulnerability
Title: cups-filters vulnerability
Summary: cups-filters could be made to run programs if it received specially crafted
network traffic.
USN-7043-1 fixed a vulnerability in cups-filters. This update provides
the corresponding update for Ubuntu 16.04 LTS
Original advisory details:
Simone Margaritelli discovered that the cups-filters cups-browsed
component could be used to create arbitrary printers from outside
the local network. In combination with issues in other printing
components, a remote attacker could possibly use this issue to
connect to a system, create manipulated PPD files, and execute
arbitrary code when a printer is used. This update
disables support for the legacy CUPS printer discovery protocol.
(CVE-2024-47176)
Instructions: In general, a standard system update will mak
Red Hat
cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack
vendor_redhat·2024-10-04·CVSS 5.3
CVE-2024-47850 [MEDIUM] cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.
Statement: CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.
Mitigation: See the security bulletin for a detailed
Ubuntu
cups-filters vulnerability
vendor_ubuntu·2024-10-01
CVE-2024-47176 cups-filters vulnerability
Title: cups-filters vulnerability
Summary: cups-filters could be made to run programs if it received specially crafted
network traffic.
USN-7043-1 fixed a vulnerability in cups-filters. This update provides
the corresponding update for Ubuntu 18.04 LTS.
Original advisory details:
Simone Margaritelli discovered that the cups-filters cups-browsed component
could be used to create arbitrary printers from outside the local network.
In combination with issues in other printing components, a remote attacker
could possibly use this issue to connect to a system, create manipulated
PPD files, and execute arbitrary code when a printer is used. This update
disables support for the legacy CUPS printer discovery protocol.
Instructions: In general, a standard system update will make all the neces
Palo Alto
Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products
vendor_paloalto·2024-09-26·CVSS 8.6
CVE-2024-47076 [HIGH] CWE-78 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products.
Based on current information, Palo Alto Networks products and cloud services do not contain affected CUPS-related software packages and are not impacted by these issues.
Affected products: Cloud NGFW, Cortex XDR, Cortex XDR Agent, Cortex XSIAM, Cortex XSOAR, GlobalProtect App, PAN-OS, Prisma Access, Prisma Browser, Prisma Cloud, Prisma Cloud Compute, Prisma SD-WAN
Solution: No software updates are required at this time.
Workaround: Customers who decide to block CUPS traffic can create a Security poli
Red Hat
cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
vendor_redhat·2024-09-26·CVSS 8.6
CVE-2024-47176 [HIGH] CWE-940 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
A security issue has been identified in OpenPrinting CUPS.
The function ppdCreatePPDFromIPP2
Ubuntu
cups-browsed vulnerability
vendor_ubuntu·2024-09-26
CVE-2024-47176 cups-browsed vulnerability
Title: cups-browsed vulnerability
Summary: cups-browsed could be made to run programs if it received specially crafted
network traffic.
Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, create manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables support
for the legacy CUPS printer discovery protocol.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
cups: libppd: remote command injection via attacker controlled data in PPD file
vendor_redhat·2024-09-26·CVSS 8.6
CVE-2024-47175 [HIGH] CWE-77 cups: libppd: remote command injection via attacker controlled data in PPD file
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
A security vulnerability was found in OpenPrinting CUPS.
The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved
Ubuntu
cups-filters vulnerabilities
vendor_ubuntu·2024-09-26·CVSS 8.6
CVE-2024-47176 [HIGH] cups-filters vulnerabilities
Title: cups-filters vulnerabilities
Summary: cups-filters could be made to run programs if it received specially crafted
network traffic.
Simone Margaritelli discovered that the cups-filters cups-browsed component
could be used to create arbitrary printers from outside the local network.
In combination with issues in other printing components, a remote attacker
could possibly use this issue to connect to a system, create manipulated
PPD files, and execute arbitrary code when a printer is used. This update
disables support for the legacy CUPS printer discovery protocol.
(CVE-2024-47176)
Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code
Debian
CVE-2024-47175: cups - CUPS is a standards-based, open-source printing system, and `libppd` can be used...
vendor_debian·2024·CVSS 8.6
CVE-2024-47175 [HIGH] CVE-2024-47175: cups - CUPS is a standards-based, open-source printing system, and `libppd` can be used...
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
Scope: local
bookworm: resolved (fixed in 2.4.2-3+deb12u8)
bullseye: resolved (fixed in 2.3.3op2-3+deb11u9)
forky: resolved (fixed in 2.4.10-2)
sid: resolved (fixed in 2.4.10-2)
trixie: resolved (fixed in 2.4.10-2)
Debian
CVE-2024-47176: cups-filters - CUPS is a standards-based, open-source printing system, and `cups-browsed` conta...
vendor_debian·2024·CVSS 8.6
CVE-2024-47176 [HIGH] CVE-2024-47176: cups-filters - CUPS is a standards-based, open-source printing system, and `cups-browsed` conta...
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
Scope: local
bookworm: resolved (fixed in 1.28.17-3+deb12u1)
bullseye: resolved (fixed in 1.28.7-1+deb11u3)
forky: resolved (fixed in 1.28.17-5)
sid: resolved (fixed in 1.28.17-5)
trixie
Debian
CVE-2024-47850: cups-filters - CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary de...
vendor_debian·2024·CVSS 5.3
CVE-2024-47850 [MEDIUM] CVE-2024-47850: cups-filters - CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary de...
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
OSV
CVE-2025-58364: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems
osv·2025-09-11·CVSS 5.3
CVE-2025-58364 [MEDIUM] CVE-2025-58364: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The curren
OSV
cups-filters vulnerabilities
osv·2024-10-09·CVSS 8.6
CVE-2024-47176 [HIGH] cups-filters vulnerabilities
USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the
fix for CVE-2024-47176 by removing support for the legacy CUPS printer
discovery protocol entirely.
Original advisory details:
Simone Margaritelli discovered that the cups-filters cups-browsed
component could be used to create arbitrary printers from outside the
local network. In combination with issues in other printing components, a
remote attacker could possibly use this issue to connect to a system,
create manipulated PPD files, and execute arbitrary code when a printer
is used. This update disables support for the legacy CUPS printer
discovery protocol. (CVE-2024-47176)
Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP
data when creating PPD files. A re
OSV
cups-filters vulnerability
osv·2024-10-07·CVSS 5.3
[MEDIUM] cups-filters vulnerability
USN-7043-1 fixed a vulnerability in cups-filters. This update provides
the corresponding update for Ubuntu 16.04 LTS
Original advisory details:
Simone Margaritelli discovered that the cups-filters cups-browsed
component could be used to create arbitrary printers from outside
the local network. In combination with issues in other printing
components, a remote attacker could possibly use this issue to
connect to a system, create manipulated PPD files, and execute
arbitrary code when a printer is used. This update
disables support for the legacy CUPS printer discovery protocol.
(CVE-2024-47176)
OSV
CVE-2024-47850: CUPS cups-browsed before 2
osv·2024-10-04·CVSS 5.3
CVE-2024-47850 [MEDIUM] CVE-2024-47850: CUPS cups-browsed before 2
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
GHSA
GHSA-phc2-g348-384g: CUPS cups-browsed before 2
ghsa_unreviewed·2024-10-04·CVSS 5.3
CVE-2024-47850 [MEDIUM] CWE-400 GHSA-phc2-g348-384g: CUPS cups-browsed before 2
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
OSV
CVE-2024-47176: CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto
osv·2024-09-26·CVSS 8.6
CVE-2024-47176 [HIGH] CVE-2024-47176: CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
OSV
cups-filters vulnerabilities
osv·2024-09-26·CVSS 8.6
CVE-2024-47176 [HIGH] cups-filters vulnerabilities
Simone Margaritelli discovered that the cups-filters cups-browsed component
could be used to create arbitrary printers from outside the local network.
In combination with issues in other printing components, a remote attacker
could possibly use this issue to connect to a system, create manipulated
PPD files, and execute arbitrary code when a printer is used. This update
disables support for the legacy CUPS printer discovery protocol.
(CVE-2024-47176)
Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used. (CVE-2024-47076)
OSV
CVE-2024-47175: CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support
osv·2024-09-26·CVSS 9.8
CVE-2024-47175 [CRITICAL] CVE-2024-47175: CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
VulnCheck
Cups-browsed INADDR_ANY IPP Request Vulnerability
vulncheck·2024·CVSS 5.3
CVE-2024-47176 [MEDIUM] Cups-browsed INADDR_ANY IPP Request Vulnerability
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over
Suricata
ET INFO Observed UDP cups-browsed Add Printer Packet Inbound (IPP)
suricata·2024-09-26
CVE-2024-47176 ET INFO Observed UDP cups-browsed Add Printer Packet Inbound (IPP)
Rule: alert udp any any -> [$HOME_NET,$HTTP_SERVERS] 631 (msg:"ET INFO Observed UDP cups-browsed Add Printer Packet Inbound (IPP)"; content:"|20|"; within:3; content:"|20|ipp"; distance:1; within:7; fast_pattern; pcre:"/^(?:[A-Fa-f0-9]{1,2}\x20){2}ipps?\x3a\x2f\x2f/"; reference:cve,2024-47176; classtype:misc-activity; sid:2056211; rev:3; metadata:created_at 2024_09_26, cve CVE_2024_47176, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_09_27;)
Suricata
ET INFO Observed UDP cups-browsed Add Printer Packet Inbound (HTTP)
suricata·2024-09-26
CVE-2024-47176 ET INFO Observed UDP cups-browsed Add Printer Packet Inbound (HTTP)
Rule: alert udp any any -> [$HOME_NET,$HTTP_SERVERS] 631 (msg:"ET INFO Observed UDP cups-browsed Add Printer Packet Inbound (HTTP)"; content:"|20|"; within:3; content:"|20|http"; distance:1; within:8; fast_pattern; pcre:"/^(?:[A-Fa-f0-9]{1,2}\x20){2}https?\x3a\x2f\x2f/"; reference:cve,2024-47176; classtype:misc-activity; sid:2056210; rev:3; metadata:created_at 2024_09_26, cve CVE_2024_47176, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_09_27; target:dest_ip;)
Elastic
Network Connection by Cups or Foomatic-rip Child
elastic_rules·CVSS 8.6
CVE-2024-47176 [HIGH] Network Connection by Cups or Foomatic-rip Child
This detection rule addresses multiple vulnerabilities in the CUPS printing system, including CVE-2024-47176,
CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. Specifically, this rule detects network connections initiated by
child processes of foomatic-rip. These flaws impact components like cups-browsed, libcupsfilters, libppd, and
foomatic-rip, allowing remote unauthenticated attackers to manipulate IPP URLs or inject malicious data through crafted
UDP packets or network spoofing. This can result in arbitrary command execution when a print job is initiated.
Query:
sequence by host.id with maxspan=10s
[process where host.os.type == "linux" and event.type == "start" and event.action == "exec" and
process.parent.name == "foomatic-rip"
Elastic
Suspicious Execution from Foomatic-rip or Cupsd Parent
elastic_rules·CVSS 8.6
CVE-2024-47176 [HIGH] Suspicious Execution from Foomatic-rip or Cupsd Parent
This detection rule addresses multiple vulnerabilities in the CUPS printing system, including CVE-2024-47176,
CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. Specifically, this rule detects suspicious process command lines
executed by child processes of foomatic-rip and cupsd. These flaws impact components like cups-browsed, libcupsfilters,
libppd, and foomatic-rip, allowing remote unauthenticated attackers to manipulate IPP URLs or inject malicious data
through crafted UDP packets or network spoofing. This can result in arbitrary command execution when a print job is
initiated.
Query:
process where host.os.type == "linux" and event.type == "start" and event.action in ("exec", "exec_event", "start", "ProcessRollup2") and
process
Elastic
Cupsd or Foomatic-rip Shell Execution
elastic_rules·CVSS 8.6
CVE-2024-47176 [HIGH] Cupsd or Foomatic-rip Shell Execution
This detection rule addresses multiple vulnerabilities in the CUPS printing system, including CVE-2024-47176,
CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. Specifically, this rule detects shell executions from the
foomatic-rip parent process. These flaws impact components like cups-browsed, libcupsfilters, libppd, and foomatic-rip,
allowing remote unauthenticated attackers to manipulate IPP URLs or inject malicious data through crafted UDP packets or
network spoofing. This can result in arbitrary command execution when a print job is initiated.
Query:
process where host.os.type == "linux" and event.type == "start" and
event.action in ("exec", "exec_event", "start", "ProcessRollup2") and process.parent.name == "foomatic-rip" and
process.name in
Elastic
File Creation by Cups or Foomatic-rip Child
elastic_rules·CVSS 8.6
CVE-2024-47176 [HIGH] File Creation by Cups or Foomatic-rip Child
This detection rule addresses multiple vulnerabilities in the CUPS printing system, including CVE-2024-47176,
CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. Specifically, this rule detects suspicious file creation events
executed by child processes of foomatic-rip. These flaws impact components like cups-browsed, libcupsfilters, libppd,
and foomatic-rip, allowing remote unauthenticated attackers to manipulate IPP URLs or inject malicious data through
crafted UDP packets or network spoofing. This can result in arbitrary command execution when a print job is initiated.
Query:
sequence by host.id with maxspan=10s
[process where host.os.type == "linux" and event.type == "start" and event.action in ("exec", "start") and
process.parent.name ==
Elastic
Printer User (lp) Shell Execution
elastic_rules·CVSS 8.6
CVE-2024-47176 [HIGH] Printer User (lp) Shell Execution
This detection rule addresses multiple vulnerabilities in the CUPS printing system, including CVE-2024-47176,
CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. Specifically, this rule detects shell executions from the foomatic-rip
parent process through the default printer user (lp). These flaws impact components like cups-browsed, libcupsfilters,
libppd, and foomatic-rip, allowing remote unauthenticated attackers to manipulate IPP URLs or inject malicious data
through crafted UDP packets or network spoofing. This can result in arbitrary command execution when a print job is
initiated.
Query:
process where host.os.type == "linux" and event.type == "start" and
event.action in ("exec", "exec_event", "ProcessRollup2", "ProcessRollup2") and user.name == "
Metasploit
CUPS IPP Attributes LAN Remote Code Execution
metasploit
This module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed <= 2.0.1, libcupsfilters <= 2.1b1, libppd <= 2.1b1, and cups-filters <= 2.0.1.
Metasploit
cups-browsed Information Disclosure
metasploit
Retrieve CUPS version and kernel version information from cups-browsed services.
Nuclei
CUPS - Remote Code Execution
nuclei·CVSS 5.3
CVE-2024-47176 [MEDIUM] CUPS - Remote Code Execution
CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDR_ANY-631, causing it to trust any packet from any source, and can cause the Get-Printer-Attributes IPP request to an attacker controlled URL.
Due to the service binding to *-631 ( INADDR_ANY ), multiple bugs in cups-browsed can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulner
Bleepingcomputer
New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
blogs_bleepingcomputer·2024-10-08·CVSS 5.3
[MEDIUM] New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
## New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
## Bill Toulas
The scanner was created by cybersecurity researcher Marcus Hutchins (aka "MalwareTech"), who created the scanner to help system administrators scan their networks and quickly identify devices running vulnerable CUPS-Browsed services.
"The vulnerability arises from the fact that cups-browsed binds its control port (UDP port 631) to INADDR_ANY, exposing it to the world. Since requests are not authenticated, anyone capable of reaching the control port can instruct cups-browsed to perform printer discovered."
"In cases when the port is not reachable from the internet (due to firewalls or NAT), it may still be reachable via the local network, enabling privilege escalation and lateral movement."
"For this re
Bleepingcomputer
Recently patched CUPS flaw can be used to amplify DDoS attacks
blogs_bleepingcomputer·2024-10-03·CVSS 5.3
CVE-2024-47176 [MEDIUM] Recently patched CUPS flaw can be used to amplify DDoS attacks
## Recently patched CUPS flaw can be used to amplify DDoS attacks
## Sergiu Gatlan
A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor.
As Akamai security researchers found, a CVE-2024-47176 security flaw in the cups-browsed daemon that can be chained with three other bugs to gain remote code execution on Unix-like systems via a single UDP packet can also be leveraged to amplify DDoS attacks.
The vulnerability is triggered when an attacker sends a specially crafted packet, tricking a CUPS server into treating a target as a printer to be added.
Each packet sent to vulnerable CUPS servers prompts them to generate l
Wiz
Crying Out Cloud - October 2024 Newsletter | Wiz
blogs_wiz·2024-10-01·CVSS 9.0
CVE-2024-0132 [CRITICAL] Crying Out Cloud - October 2024 Newsletter | Wiz
Welcome back! In this edition, we bring you the latest in cloud security – noteworthy incidents, exclusive data, and crucial vulnerabilities. Let's dive in.
Here are our top picks!
## 🔍 Highlights
Critical Vulnerability in NVIDIA Container Toolkit
Wiz Research uncovered a critical vulnerability, CVE-2024-0132, in the widely used NVIDIA Container Toolkit. The vulnerability allows attackers with control over a container image to escape the container and gain full access to the underlying host. It is strongly recommended to update the affected package to the latest version 1.16.2, while focusing on container hosts that might run untrusted container images.
According to Wiz data, 33% of cloud environments are impacted by CVE-2024-0132.
Learn more in our blog.
## 🐞 High Profile Vulnerab
Wiz
OpenPrinting CUPS Vulnerabilities: Analysis of related CVEs | Wiz Blog
blogs_wiz·2024-09-29·CVSS 8.6
CVE-2024-47176 [HIGH] OpenPrinting CUPS Vulnerabilities: Analysis of related CVEs | Wiz Blog
The security researcher Simone Margaritelli (evilsocket) disclosed details of several vulnerabilities impacting CUPS and IPP packages: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. These vulnerabilities are unlikely to be exploited in most cloud environments due to their requirements for exposing UDP port 631 and needing the victim to attempt a print request as part of the currently disclosed exploitation method.
The vulnerabilities received CVSS base scores ranging from 8.0 to 9.0. It is recommended to mitigate these vulnerabilities and apply patches.
## What are these vulnerabilities?
A remote, unauthenticated attacker can replace existing printers with a malicious one or add a new printer under their control, leading to arbitrary command execution when a prin
Wiz
OpenPrinting CUPS Vulnerabilities: Analysis of related CVEs | Wiz Blog
blogs_wiz·2024-09-29·CVSS 8.6
CVE-2024-47076 [HIGH] OpenPrinting CUPS Vulnerabilities: Analysis of related CVEs | Wiz Blog
The security researcher Simone Margaritelli (evilsocket) disclosed details of several vulnerabilities impacting CUPS and IPP packages: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. These vulnerabilities are unlikely to be exploited in most cloud environments due to their requirements for exposing UDP port 631 and needing the victim to attempt a print request as part of the currently disclosed exploitation method.
The vulnerabilities received CVSS base scores ranging from 8.0 to 9.0. It is recommended to mitigate these vulnerabilities and apply patches.
# What are these vulnerabilities?
A remote, unauthenticated attacker can replace existing printers with a malicious one or add a new printer under their control, leading to arbitrary command execution when a print j
Elastic
Cups Overflow: When your printer spills more than Ink — Elastic Security Labs
blogs_elastic·2024-09-28·CVSS 6.8
[MEDIUM] Cups Overflow: When your printer spills more than Ink — Elastic Security Labs
28 September 2024 • Mika Ayenson, PhD • Terrance DeJesus • Eric Forte • Ruben Groenewoud
# Cups Overflow: When your printer spills more than Ink
Elastic Security Labs discusses detection and mitigation strategies for vulnerabilities in the CUPS printing system, which allow unauthenticated attackers to exploit the system via IPP and mDNS, resulting in remote code execution (RCE) on UNIX-based systems such as Linux, macOS, BSDs, ChromeOS, and Solaris.
## Update October 2, 2024
The following packages introduced out-of-the-box (OOTB) rules to detect the exploitation of these vulnerabilities. Please check your "Prebuilt Security Detection Rules" integration versions or visit the Downloadable rule updates site.
- Stack Version 8.15 - Package Version
Elastic
Cups Overflow: When your printer spills more than Ink — Elastic Security Labs
blogs_elastic·2024-09-28
## Cups Overflow: When your printer spills more than Ink
Elastic Security Labs discusses detection and mitigation strategies for vulnerabilities in the CUPS printing system, which allow unauthenticated attackers to exploit the system via IPP and mDNS, resulting in remote code execution (RCE) on UNIX-based systems such as Linux, macOS, BSDs, ChromeOS, and Solaris.
## Update October 2, 2024
The following packages introduced out-of-the-box (OOTB) rules to detect the exploitation of these vulnerabilities. Please check your "Prebuilt Security Detection Rules" integration versions or visit the Downloadable rule updates site.
Stack Version 8.15 - Package Version 8.15.6+
Stack Version 8.14 - Package Version 8.14.12+
Stack Version 8.13 - Package Version 8.13.18+
Stack Version 8.12 - Package
Qualys
Unauthenticated RCE in CUPS: Critical Printing System Flaws
blogs_qualys·2024-09-26·CVSS 8.6
[HIGH] Unauthenticated RCE in CUPS: Critical Printing System Flaws
A critical set of unauthenticated Remote Code Execution (RCE) vulnerabilities in CUPS, affecting all GNU/Linux systems and potentially others, was disclosed today. These vulnerabilities allow a remote attacker to execute arbitrary code on a target system without valid credentials or prior access. Major organizations like Canonical and Red Hat have confirmed this flaw, assigning it a high severity with a CVSS score of 9.9 out of 10.
Based
Tenable
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
blogs_tenable·2024-09-26·CVSS 8.6
[HIGH] CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
Qualys
CUPS RCE Vulnerabilities: Patch Critical Flaws | Qualys
blogs_qualys·2024-09-26·CVSS 8.6
[HIGH] CUPS RCE Vulnerabilities: Patch Critical Flaws | Qualys
A critical set of unauthenticated Remote Code Execution (RCE) vulnerabilities in CUPS, affecting all GNU/Linux systems and potentially others, was disclosed today. These vulnerabilities allow a remote attacker to execute arbitrary code on a target system without valid credentials or prior access. Major organizations like Canonical and Red Hat have confirmed this flaw, assigning it a high severity with a CVSS score of 9.9 out o
Bugzilla
CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
bugzilla·2024-09-23·CVSS 5.3
CVE-2024-47176 [MEDIUM] CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements through AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS URL is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it. Among other things, this leaks its k
https://github.com/OpenPrinting/cups-browsed/blob/master/daemon/cups-browsed.c#L13992
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
https://www.cups.org
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
http://www.openwall.com/lists/oss-security/2024/09/27/6
http://www.openwall.com/lists/oss-security/2025/09/11/2
https://github.com/OpenPrinting/cups-browsed/commit/1debe6b140c37e0aa928559add4abcc95ce54aa2
https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html
https://security.netapp.com/advisory/ntap-20241011-0001/
2024-09-26
Published
Exploited in the wild