Vulnerability details: VCID-9rre-nemp-aaar
Vulnerability ID VCID-9rre-nemp-aaar
Aliases CVE-2023-24805
Summary cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;`, which calls the `system` function with the argument `cmdline`. `cmdline` contains multiple user-controlled, unsanitized values. As a result, an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands, which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Weaknesses (2)
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24805.json
epss 0.00641 https://api.first.org/data/v1/epss?cve=CVE-2023-24805
epss 0.00791 https://api.first.org/data/v1/epss?cve=CVE-2023-24805
epss 0.00929 https://api.first.org/data/v1/epss?cve=CVE-2023-24805
epss 0.01080 https://api.first.org/data/v1/epss?cve=CVE-2023-24805
epss 0.01335 https://api.first.org/data/v1/epss?cve=CVE-2023-24805
epss 0.0925 https://api.first.org/data/v1/epss?cve=CVE-2023-24805
epss 0.15665 https://api.first.org/data/v1/epss?cve=CVE-2023-24805
epss 0.34741 https://api.first.org/data/v1/epss?cve=CVE-2023-24805
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-24805
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-24805
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24805.json
https://api.first.org/data/v1/epss?cve=CVE-2023-24805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24805
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x
https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK/
https://www.debian.org/security/2023/dsa-5407
1036224 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036224
2203051 https://bugzilla.redhat.com/show_bug.cgi?id=2203051
cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:cups-filters:2.0:beta3:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:cups-filters:2.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:cups-filters:2.0:rc1:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-24805 https://nvd.nist.gov/vuln/detail/CVE-2023-24805
GLSA-202401-06 https://security.gentoo.org/glsa/202401-06
RHSA-2023:3423 https://access.redhat.com/errata/RHSA-2023:3423
RHSA-2023:3424 https://access.redhat.com/errata/RHSA-2023:3424
RHSA-2023:3425 https://access.redhat.com/errata/RHSA-2023:3425
RHSA-2023:3426 https://access.redhat.com/errata/RHSA-2023:3426
RHSA-2023:3427 https://access.redhat.com/errata/RHSA-2023:3427
RHSA-2023:3428 https://access.redhat.com/errata/RHSA-2023:3428
RHSA-2023:3429 https://access.redhat.com/errata/RHSA-2023:3429
USN-6083-1 https://usn.ubuntu.com/6083-1/
USN-6083-2 https://usn.ubuntu.com/6083-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24805.json
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-24805
Exploit Prediction Scoring System (EPSS)
Percentile 0.79082
EPSS Score 0.00641
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.