On September 26, 2024, a security researcher identified multiple vulnerabilities in the Linux Common Unix Printing System (CUPS). The following are the vulnerabilities found in OpenPrinting CUPS:
CVE ID | Vulnerability |
---|---|
The most severe of these vulnerabilities is CVE-2024-47177, which is classified as Critical severity and has a CVSS score of 9.0.
To exploit this vulnerability, the following conditions must be met:
1. The Linux CUPS-browsed service is manually enabled.
2. An attacker has access to a vulnerable server that allows unrestricted access, such as over the public internet, or gains access to an internal network where local connections are trusted.
3. The attacker advertises a malicious Internet Printing Protocol (IPP) server, providing a malicious printer.
4. A potential victim attempts to print from a malicious device.
5. An attacker executes arbitrary code on the victim’s machine.
Linux CUPS vulnerabilities do not impact any of the IONOS Cloud products.
This vulnerability does not impact IONOS Cloud products. Hence, no action is needed.
Users should review their use of Linux CUPS and, if enabled, follow the vendor-specific guidance to patch the environment.
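As a starting point for that review, the following added example (not part of the advisory or of any vendor guidance) checks conditions 1 and 2 on a host: whether the service is enabled and whether its listener is reachable beyond loopback. It assumes systemd, the iproute2 `ss` tool, the unit name `cups-browsed`, and the service's listener on 631/udp, none of which are stated in the advisory; the function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the advisory. Assumes systemd, iproute2 `ss`,
# the unit name cups-browsed, and its listener on 631/udp.

# Read `ss -H -lun` output on stdin; print each local address bound to port 631.
udp631_listeners() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /:631$/) { print $i; break } }'
}

# Classify listener addresses read from stdin (one per line):
#   none     - nothing bound to 631/udp
#   loopback - bound only to 127.0.0.0/8 or ::1
#   network  - wildcard or routable address, so condition 2 can be met
classify_listeners() {
    result=none
    while IFS= read -r addr; do
        case "$addr" in
            127.*:631|"[::1]:631")
                if [ "$result" = none ]; then result=loopback; fi ;;
            *)
                result=network ;;
        esac
    done
    echo "$result"
}

# Report condition 1 (service enabled) and condition 2 (reachable listener).
audit_cups_browsed() {
    enabled=$(systemctl is-enabled cups-browsed 2>/dev/null || true)
    active=$(systemctl is-active cups-browsed 2>/dev/null || true)
    exposure=$(ss -H -lun 2>/dev/null | udp631_listeners | classify_listeners)
    echo "enabled=${enabled:-unknown} active=${active:-unknown} udp631=$exposure"
}

# Constructed sample of `ss -H -lun` output (not captured from a real host).
SAMPLE='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then
    audit_cups_browsed
else
    printf '%s\n' "$SAMPLE" | udp631_listeners | classify_listeners
fi
```

Run with `--live` to query the local host; without arguments the script classifies the embedded sample. A result of `enabled=enabled` together with `udp631=network` means the first two conditions hold on that host.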
If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.
By chaining these vulnerabilities together, an attacker could achieve remote code execution.