Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
Severity
5.3 MEDIUM NVD
CNA 8.6 OSV 8.6
EPSS
87.6%
top 0.53%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Sep 26
Latest update: Sep 11

Description

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker-controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (5 packages)

CVEListV5 openprinting/cups < 2.4.13
CVEListV5 openprinting/cups-browsed 2.0.1
Debian linuxfoundation/cups-filters < 1.28.7-1+deb11u3+3
Ubuntu linuxfoundation/cups-filters < 1.27.4-1ubuntu0.4+3

Patches

🔴 Vulnerability Details

5
OSV
cups-filters vulnerabilities (2024-10-09)
OSV
CVE-2024-47176: CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto (2024-09-26)
OSV
cups-filters vulnerabilities (2024-09-26)
CVEList
cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source (2024-09-26)
VulnCheck
Cups-browsed INADDR_ANY IPP Request Vulnerability (2024)

💥 Exploits & PoCs

1
Nuclei
CUPS - Remote Code Execution

🔍 Detection Rules

7
Suricata
ET INFO Observed UDP cups-browsed Add Printer Packet Inbound (IPP) (2024-09-26)
Suricata
ET INFO Observed UDP cups-browsed Add Printer Packet Inbound (HTTP) (2024-09-26)
Elastic
Network Connection by Cups or Foomatic-rip Child
Elastic
Suspicious Execution from Foomatic-rip or Cupsd Parent
Elastic
Cupsd or Foomatic-rip Shell Execution

📋 Vendor Advisories

12
Red Hat
cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS (2025-09-11)
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-47176 (2024-10-29)
Ubuntu
cups-browsed vulnerability (2024-10-21)
Ubuntu
cups-filters vulnerabilities (2024-10-09)
Ubuntu
cups-browsed vulnerability (2024-10-09)

🕵️ Threat Intelligence

3
Bleepingcomputer
Recently patched CUPS flaw can be used to amplify DDoS attacks (2024-10-03)
Wiz
OpenPrinting CUPS Vulnerabilities: Analysis of related CVEs | Wiz Blog (2024-09-29)
Wiz
OpenPrinting CUPS Vulnerabilities: Analysis of related CVEs | Wiz Blog (2024-09-29)
CVE-2024-47176 — Cups Rce | cvebase