Search for vulnerabilities
Vulnerability details: VCID-vk83-kkj8-sffy
Vulnerability ID VCID-vk83-kkj8-sffy
Aliases CVE-2024-47076
Summary CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
Status Published
Exploitability 2.0
Weighted Severity 7.4
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
cvssv3 8.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47076.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.5289 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.71739 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.79156 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.80626 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.80626 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
epss 0.80626 https://api.first.org/data/v1/epss?cve=CVE-2024-47076
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47076.json
https://api.first.org/data/v1/epss?cve=CVE-2024-47076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47076
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
https://www.cups.org
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
1082821 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082821
2314253 https://bugzilla.redhat.com/show_bug.cgi?id=2314253
CVE-2024-47076 https://nvd.nist.gov/vuln/detail/CVE-2024-47076
RHSA-2024:7346 https://access.redhat.com/errata/RHSA-2024:7346
RHSA-2024:7461 https://access.redhat.com/errata/RHSA-2024:7461
RHSA-2024:7462 https://access.redhat.com/errata/RHSA-2024:7462
RHSA-2024:7463 https://access.redhat.com/errata/RHSA-2024:7463
RHSA-2024:7503 https://access.redhat.com/errata/RHSA-2024:7503
RHSA-2024:7504 https://access.redhat.com/errata/RHSA-2024:7504
RHSA-2024:7506 https://access.redhat.com/errata/RHSA-2024:7506
RHSA-2024:7551 https://access.redhat.com/errata/RHSA-2024:7551
RHSA-2024:7553 https://access.redhat.com/errata/RHSA-2024:7553
RHSA-2024:7623 https://access.redhat.com/errata/RHSA-2024:7623
USN-7043-1 https://usn.ubuntu.com/7043-1/
USN-7043-4 https://usn.ubuntu.com/7043-4/
USN-7044-1 https://usn.ubuntu.com/7044-1/
Data source Metasploit
Description This module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed <= 2.0.1, libcupsfilters <= 2.1b1, libppd <= 2.1b1, and cups-filters <= 2.0.1.
Note 
Stability:
  - crash-safe
Reliability:
  - event-dependent
SideEffects:
  - ioc-in-logs
  - artifacts-on-disk
Ransomware campaign use Unknown
Source publication date Sept. 26, 2024
Platform Linux,Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/misc/cups_ipp_remote_code_execution.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47076.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.15162
EPSS Score 0.00045
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-26T23:52:30.783555+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7043-1/ 34.0.1