# Advisory on Linux CUPS Vulnerabilities

On September 26, 2024, a security researcher identified multiple vulnerabilities in the Linux Common Unix Printing System (CUPS). The following are the vulnerabilities found in OpenPrinting CUPS:

| CVE ID                                                                                                                                                                                                                                                                                                                                                                                                         | Vulnerability                                                                                |
| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- |
| [<mark style="color:blue;">CVE-2024-47076</mark>](https://nvd.nist.gov/vuln/detail/CVE-2024-47076), [<mark style="color:blue;">CVE-2024-47175</mark>](https://nvd.nist.gov/vuln/detail/CVE-2024-47175), [<mark style="color:blue;">CVE-2024-47176</mark>](https://nvd.nist.gov/vuln/detail/CVE-2024-47176), [<mark style="color:blue;">CVE-2024-47177</mark>](https://nvd.nist.gov/vuln/detail/CVE-2024-47177) | By chaining these vulnerabilities together, an attacker could achieve remote code execution. |

The most severe of these vulnerabilities is [<mark style="color:blue;">CVE-2024-47177</mark>](https://nvd.nist.gov/vuln/detail/CVE-2024-47177), which is classified as **Critical** severity and has a CVSS score of **9.0**.

To exploit this vulnerability, the following conditions must be met:

1\. The Linux CUPS-browsed service is manually enabled.

2\. An attacker has access to a vulnerable server that allows unrestricted access, such as from the public internet, or gains access to an internal network where local connections are trusted.

3\. The attacker advertises a malicious Internet Printing Protocol (IPP) server, providing a malicious printer.

4\. A potential victim attempts to print from a malicious device.

5\. An attacker executes arbitrary code on the victim’s machine.

## Impacted IONOS Cloud Products

Linux CUPS vulnerabilities do not impact any of the IONOS Cloud products.

## What action has IONOS Cloud taken to mitigate the severity?

This vulnerability does not impact IONOS Cloud products. Hence, no action is needed.

## What action can you take to mitigate the vulnerability?

Users should review their use of Linux CUPS and, if enabled, follow the vendor-specific guidance to patch the environment.
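
One way to carry out that review on a single host, as an added example that is not IONOS Cloud or vendor code: it reports whether `cups-browsed` is running and whether a UDP 631 listener is reachable beyond loopback. The unit name `cups-browsed`, UDP port 631, the `BrowseRemoteProtocols` directive and the path `/etc/cups/cups-browsed.conf` are assumptions based on common distribution packaging, not taken from this advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): triage one host for the cups-browsed
# precondition. Parsers read text so they can be exercised offline.

# From `ss -H -uln` output on stdin, print each local address bound to port 631.
udp631_listeners() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /:631$/) { print $i; break } }'
}

# Classify a listener address by how widely it is reachable.
bind_scope() {
    case "$1" in
        0.0.0.0:631|\*:631|\[::\]:631) echo wildcard ;;
        127.*:631|\[::1\]:631)         echo loopback ;;
        *)                             echo specific ;;
    esac
}

# Print the last uncommented BrowseRemoteProtocols value in a cups-browsed.conf.
browse_protocols() {
    awk 'tolower($1) == "browseremoteprotocols" { $1 = ""; sub(/^ +/, ""); v = $0 }
         END { if (v != "") print v }' "$1"
}

# Combine the unit state with listener addresses read from stdin.
# Prints not-running, running-no-listener, running-loopback-only
# or running-network-reachable.
assess() {
    [ "$1" = active ] || { echo not-running; return 0; }
    verdict=running-no-listener
    while read -r addr; do
        if [ "$(bind_scope "$addr")" != loopback ]; then
            verdict=running-network-reachable
        elif [ "$verdict" = running-no-listener ]; then
            verdict=running-loopback-only
        fi
    done
    echo "$verdict"
}

# Live check on a systemd host: run the script with --live.
# Assumes any UDP 631 listener belongs to cups-browsed; `ss -ulnp` as root confirms.
if [ "${1:-}" = "--live" ]; then
    state=$(systemctl is-active cups-browsed 2>/dev/null || true)
    echo "service: ${state:-unknown}"
    echo "exposure: $(ss -H -uln | udp631_listeners | assess "$state")"
    echo "BrowseRemoteProtocols: $(browse_protocols /etc/cups/cups-browsed.conf 2>/dev/null)"
fi
```

A result of `running-network-reachable` marks a host to prioritise for the vendor patch; `not-running` means the first condition listed above is not met on that host.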

### How can I get help?

If you have further questions or concerns about this vulnerability, contact [<mark style="color:blue;">IONOS Cloud Support</mark>](https://docs.ionos.com/cloud/support/general-information/contact-information).


