Search for vulnerabilities
Vulnerability details: VCID-7k71-pubh-tyh9
Vulnerability ID VCID-7k71-pubh-tyh9
Aliases CVE-2024-47175
Summary CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
Status Published
Exploitability 2.0
Weighted Severity 6.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-20 Improper Input Validation
System Score Found at
cvssv3 7.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47175.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.26037 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.28751 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.28751 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.28751 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.28751 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
epss 0.35448 https://api.first.org/data/v1/epss?cve=CVE-2024-47175
cvssv3.1 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47175.json
https://api.first.org/data/v1/epss?cve=CVE-2024-47175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47175
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
https://lists.debian.org/debian-lts-announce/2024/09/msg00047.html
https://www.cups.org
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
http://www.openwall.com/lists/oss-security/2024/09/27/3
2314256 https://bugzilla.redhat.com/show_bug.cgi?id=2314256
CVE-2024-47175 https://nvd.nist.gov/vuln/detail/CVE-2024-47175
RHSA-2024:7346 https://access.redhat.com/errata/RHSA-2024:7346
RHSA-2024:7461 https://access.redhat.com/errata/RHSA-2024:7461
RHSA-2024:7462 https://access.redhat.com/errata/RHSA-2024:7462
RHSA-2024:7463 https://access.redhat.com/errata/RHSA-2024:7463
RHSA-2024:7503 https://access.redhat.com/errata/RHSA-2024:7503
RHSA-2024:7504 https://access.redhat.com/errata/RHSA-2024:7504
RHSA-2024:7506 https://access.redhat.com/errata/RHSA-2024:7506
RHSA-2024:7551 https://access.redhat.com/errata/RHSA-2024:7551
RHSA-2024:7553 https://access.redhat.com/errata/RHSA-2024:7553
RHSA-2024:7623 https://access.redhat.com/errata/RHSA-2024:7623
RHSA-2024:9470 https://access.redhat.com/errata/RHSA-2024:9470
RHSA-2025:0083 https://access.redhat.com/errata/RHSA-2025:0083
USN-7041-1 https://usn.ubuntu.com/7041-1/
USN-7041-2 https://usn.ubuntu.com/7041-2/
USN-7041-3 https://usn.ubuntu.com/7041-3/
USN-7045-1 https://usn.ubuntu.com/7045-1/
Data source Metasploit
Description This module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed <= 2.0.1, libcupsfilters <= 2.1b1, libppd <= 2.1b1, and cups-filters <= 2.0.1.
Note 
Stability:
  - crash-safe
Reliability:
  - event-dependent
SideEffects:
  - ioc-in-logs
  - artifacts-on-disk
Ransomware campaign use Unknown
Source publication date Sept. 26, 2024
Platform Linux,Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47175.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.15162
EPSS Score 0.00045
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-26T23:52:30.751026+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7041-1/ 34.0.1