# Advisory on Linux CUPS Vulnerabilities

On September 26, 2024, a security researcher identified multiple vulnerabilities in the Linux Common Unix Printing System (CUPS). The following are the vulnerabilities found in OpenPrinting CUPS:

| CVE ID | Vulnerability |
| ------ | ------------- |
| [CVE-2024-47076](https://nvd.nist.gov/vuln/detail/CVE-2024-47076), [CVE-2024-47175](https://nvd.nist.gov/vuln/detail/CVE-2024-47175), [CVE-2024-47176](https://nvd.nist.gov/vuln/detail/CVE-2024-47176), [CVE-2024-47177](https://nvd.nist.gov/vuln/detail/CVE-2024-47177) | By chaining these vulnerabilities together, an attacker could achieve remote code execution. |

The most severe of these vulnerabilities is [CVE-2024-47177](https://nvd.nist.gov/vuln/detail/CVE-2024-47177), which is classified as **Critical** severity and has a CVSS score of **9.0**.

To exploit this vulnerability, the following conditions must be met:

1. The Linux cups-browsed service is manually enabled.
2. The attacker can reach a vulnerable server, either because the server allows unrestricted access (for example, from the public internet) or because the attacker has gained access to an internal network where local connections are trusted.
3. The attacker advertises a malicious Internet Printing Protocol (IPP) server, providing a malicious printer.
4. A potential victim attempts to print from a malicious device.
5. The attacker executes arbitrary code on the victim’s machine.

## Impacted IONOS Cloud Products

Linux CUPS vulnerabilities do not impact any of the IONOS Cloud products.

## What action has IONOS Cloud taken to mitigate the severity?

This vulnerability does not impact IONOS Cloud products. Hence, no action is needed.

## What action can you take to mitigate the vulnerability?

Users should review their use of Linux CUPS and, if enabled, follow the vendor-specific guidance to patch the environment.
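As a starting point for that review, the following added example (not IONOS or OpenPrinting code) checks whether the first exploitation condition holds on a host by classifying how the cups-browsed listener is bound. It assumes the systemd unit name `cups-browsed`, the service's UDP port 631 listener, and iproute2 `ss` output; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IONOS or OpenPrinting code. Assumptions not stated in the
# advisory: the systemd unit is named "cups-browsed", the service listens on
# UDP port 631, and socket data comes from iproute2 `ss -H -uln`.

# stdin: `ss` listing. stdout: every local address:port bound to port 631.
udp631_listeners() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if (index($i, ":") > 0) {   # first field with ":" is the local address
                port = $i; sub(/.*:/, "", port)
                if (port == "631") print $i
                break
            }
        }
    }'
}

# stdin: `ss` listing. stdout: not-listening | loopback-only | network-exposed.
classify_exposure() {
    udp631_listeners | awk '
        BEGIN { state = "not-listening" }
        /^127\./ || /^\[::1\]/ { if (state != "network-exposed") state = "loopback-only"; next }
        { state = "network-exposed" }
        END { print state }'
}

# Constructed sample listings (not captured from a real host).
SAMPLE_EXPOSED='UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 [::]:5353 [::]:*'
SAMPLE_LOOPBACK='udp UNCONN 0 0 127.0.0.1:631 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*'
SAMPLE_CLEAN='UNCONN 0 0 0.0.0.0:68 0.0.0.0:*'

# Run with --live on a host to evaluate condition 1 against real state.
if [ "${1:-}" = "--live" ]; then
    enabled=$(systemctl is-enabled cups-browsed 2>/dev/null) || true
    active=$(systemctl is-active cups-browsed 2>/dev/null) || true
    echo "unit enabled: ${enabled:-unknown}"
    echo "unit active:  ${active:-unknown}"
    echo "udp/631:      $(ss -H -uln | classify_exposure)"
fi
```

A result of `network-exposed` together with an enabled or active unit means the host meets the first condition and should be prioritized for the vendor's patch.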

### How can I get help?

If you have further questions or concerns about this vulnerability, contact [IONOS Cloud Support](https://docs.ionos.com/cloud/support/general-information/contact-information).
