Advisory on Linux CUPS Vulnerabilities

On September 26, 2024, a security researcher identified multiple vulnerabilities in the Linux Common Unix Printing System (CUPS). The following are the vulnerabilities found in OpenPrinting CUPS:

CVE ID | Vulnerability

By chaining these vulnerabilities together, an attacker could achieve remote code execution.

The most severe of these vulnerabilities is CVE-2024-47177, which is classified as Critical severity and has a CVSS score of 9.0.

To exploit this vulnerability, the following conditions must be met:

1. The Linux cups-browsed service is manually enabled.

2. An attacker can reach a vulnerable server that allows unrestricted access, for example from the public internet, or gains access to an internal network where local connections are trusted.

3. The attacker advertises a malicious Internet Printing Protocol (IPP) server, providing a malicious printer.

4. A potential victim attempts to print from a malicious device.

5. An attacker executes arbitrary code on the victim’s machine.

Impacted IONOS Cloud Products

Linux CUPS vulnerabilities do not impact any of the IONOS Cloud products.

What action has IONOS Cloud taken to mitigate the severity?

This vulnerability does not impact IONOS Cloud products. Hence, no action is needed.

What action can you take to mitigate the vulnerability?

Users should review their use of Linux CUPS and, if enabled, follow the vendor-specific guidance to patch the environment.
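One way to check a host against conditions 1 and 2 above, as an added example that is not part of the original advisory. It assumes a systemd host with iproute2's `ss`, and that a UDP listener on port 631 (the cups-browsed default, not stated in the advisory) belongs to cups-browsed; the function names and the sample socket line are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a host against conditions 1 and 2 of the advisory.
# Assumption: a UDP listener on port 631 belongs to cups-browsed (its default port).

# classify_cups_browsed ENABLED ACTIVE SOCKETS
#   ENABLED: output of `systemctl is-enabled cups-browsed`
#   ACTIVE:  output of `systemctl is-active cups-browsed`
#   SOCKETS: output of `ss -H -lun` (UDP listeners; column 4 is local addr:port)
classify_cups_browsed() {
    enabled=$1; active=$2; sockets=$3
    if [ "$active" != "active" ]; then
        # Not running now; an enabled unit still starts at next boot.
        if [ "$enabled" = "enabled" ]; then echo "enabled-not-running"
        else echo "not-running"; fi
        return 0
    fi
    # Running: separate loopback-only listeners from network-reachable ones.
    printf '%s\n' "$sockets" | awk '
        $4 ~ /:631$/ { if ($4 ~ /^(127\.|\[::1\])/) lo++; else ext++ }
        END {
            if (ext)     print "network-exposed"
            else if (lo) print "local-only"
            else         print "no-udp-631-listener"
        }'
}

# Query the live host; reports "unsupported" without systemd or ss.
audit_host() {
    if ! command -v systemctl >/dev/null 2>&1 || ! command -v ss >/dev/null 2>&1; then
        echo "unsupported"; return 0
    fi
    classify_cups_browsed \
        "$(systemctl is-enabled cups-browsed 2>/dev/null || true)" \
        "$(systemctl is-active cups-browsed 2>/dev/null || true)" \
        "$(ss -H -lun 2>/dev/null || true)"
}

# Constructed sample: service active and bound to all interfaces.
SAMPLE='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*'
echo "sample: $(classify_cups_browsed enabled active "$SAMPLE")"
echo "host:   $(audit_host)"
```

A result of `network-exposed` or `enabled-not-running` marks a host to review against the vendor's patch guidance.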

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.
