CUPS critical vulnerability

Multiple vulnerabilities in CUPS-related services allow remote code execution over WAN!

CVEs

• CVE-2024-47176
• CVE-2024-47076
• CVE-2024-47175
• CVE-2024-47177

Attack vector

An attacker is able to replace printers' IPP URLs with a malicious one, creating ACE upon creation of print job (on the computer said print job is created).

Remediation

• Update your packages!
• Disable vulnerable parts of CUPS (cups-browsed)

Learn more

For more information, please read the bughunter's blog at evilsocket.net