THREATINT
PUBLISHED

CVE-2024-47176

cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source



Description

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and this can cause a `Get-Printer-Attributes` IPP request to be sent to an attacker-controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
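A defender can check a Linux host for the bind described above by reading the kernel's UDP socket table. The following is an added example, not code from the CUPS project or from this record; it assumes the listener is a UDP socket (a detail this record does not state), the Linux `/proc/net/udp` layout on a little-endian host, a constructed sample table, and hypothetical function names.

```python
import ipaddress

IPP_PORT = 631  # port named in the CVE description (0x0277 in the kernel table)

# Constructed sample in /proc/net/udp layout; not captured from a real host.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 23456 2 0000000000000000 0
  102: 0100007F:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 23457 2 0000000000000000 0
  103: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   108        0 23458 2 0000000000000000 0
"""


def decode_ipv4(hex_addr):
    """Decode the kernel's hex IPv4 word (byte-reversed on little-endian hosts)."""
    return str(ipaddress.IPv4Address(bytes.fromhex(hex_addr)[::-1]))


def ipp_udp_binds(table_text, port=IPP_PORT):
    """Return every IPv4 UDP socket bound to `port`, marking INADDR_ANY binds."""
    binds = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 10:                      # malformed or truncated row
            continue
        hex_addr, hex_port = fields[1].split(":")
        if len(hex_addr) != 8 or int(hex_port, 16) != port:
            continue                              # not IPv4 or not our port
        binds.append({
            "address": decode_ipv4(hex_addr),
            "wildcard": int(hex_addr, 16) == 0,   # 00000000 is INADDR_ANY
            "inode": int(fields[9]),              # maps to a process via /proc/<pid>/fd
        })
    return binds


if __name__ == "__main__":
    try:
        with open("/proc/net/udp") as fh:         # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_UDP               # fall back to the constructed sample
    for bind in ipp_udp_binds(table):
        state = "EXPOSED on all interfaces" if bind["wildcard"] else "interface-scoped"
        print(f"udp {bind['address']}:{IPP_PORT} inode={bind['inode']} {state}")
```

A row with `wildcard` set to true on port 631 matches the CWE-1327 condition this record describes; the inode identifies which process owns the socket.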

Reserved 2024-09-19 | Published 2024-09-26 | Updated 2024-10-02 | Assigner GitHub_M


MEDIUM: 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-1327: Binding to an Unrestricted IP Address

Product status

<= 2.0.1
affected

References

github.com/...rowsed/security/advisories/GHSA-rj88-6mr5-rcw8

github.com/...ilters/security/advisories/GHSA-p9rh-jxmq-gq47

github.com/...ilters/security/advisories/GHSA-w63j-6g73-wmg5

github.com/...libppd/security/advisories/GHSA-7xfx-47qg-grp6

github.com/...cups-browsed/blob/master/daemon/cups-browsed.c

www.cups.org

www.evilsocket.net/...Attacking-UNIX-systems-via-CUPS-Part-I

cve.org (CVE-2024-47176)

nvd.nist.gov (CVE-2024-47176)
