Alexander Matsson
Product Manager
The exploit:
On Thursday, September 26th, a write-up alongside a PoC was published on a GNU/Linux unauthenticated RCE affecting the CUPS open-source printing system. The critical vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177) affect systems that may print documents, where computers connected to them can be exploited through arbitrary command execution.
We are working on a new module that will tell you whether you are vulnerable. Stay tuned for more news here and on our blog.
What you can already do:
On the Domains page, we currently highlight whether we have found port 631 open on any of your domains. These findings should definitely be investigated, but bear in mind that this finding is for the TCP port, while the exploit mainly affects the UDP protocol. For a more cohesive assessment, stay tuned for the new module coming later.
Remediation:
- Disable and remove the cups-browsed service if you don’t need it.
- Update the CUPS package on your systems.
- Block incoming traffic on port 631/tcp and port 631/udp, as well as all DNS-SD traffic.
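
A local check for the exposure these steps close, which also covers the UDP side that the TCP finding above does not see. This is an added example, not code from this page or its authors; it assumes a Linux host with `ss` (iproute2) and systemd, the function names `exposed_631` and `audit_host` are hypothetical, and the sample listener table is constructed.

```shell
#!/usr/bin/env bash
# Added example: find port-631 listeners reachable from outside the host.

# Constructed sample of `ss -H -lntu` output (not captured from a real host).
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 128 [::1]:631 [::]:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*'

# Reads `ss -H -lntu` style lines on stdin and prints "proto local-address"
# for every port-631 listener that is not bound to loopback only.
exposed_631() {
  awk '
    $1 != "udp" && $1 != "tcp" { next }
    {
      local_addr = $5
      # The port is whatever follows the last colon (works for [v6]:port too).
      n = split(local_addr, parts, ":")
      port = parts[n]
      host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      if (port != "631") next
      # Loopback-only listeners are not reachable from the network.
      if (host ~ /^127\./ || host == "[::1]") next
      print $1, local_addr
    }'
}

# Live audit: service state plus any exposed 631 listener on this host.
audit_host() {
  if command -v systemctl >/dev/null 2>&1; then
    echo "cups-browsed: $(systemctl is-active cups-browsed 2>/dev/null)"
  fi
  ss -H -lntu | exposed_631
}

# Run against the constructed sample by default; pass --live for the real host.
if [ "${1:-}" = "--live" ]; then
  audit_host
else
  printf '%s\n' "$SAMPLE_SS" | exposed_631
fi
```

Any line printed for `udp` is a listener the remediation steps should remove or firewall; an empty result with `cups-browsed: inactive` matches the state the list aims for.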