Description: CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CVE-2024-47076
Published Date: 2024-09-26T22:15:04.063
Last Modified: 2024-09-26T22:15:04.063
CVSS Score: 8.6 (HIGH)
EPSS Score: 0.04%
Risk Score: 6.02 (HIGH)
Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.
CVSS:
8.6 |
EPSS:
0.04%
Mitre ATT&CK Technical v15.1
T1153 – Source
T1583.004 – Server
T1584.004 – Server
T1053.002 – At
Technical Analysis & Mitigation Measures
1. Technical Attack Analysis:
– Attack Techniques :
– T1153 – Source : This technique involves the attacker leveraging a vulnerable source to exploit the system. In this case, the attacker uses the `cfGetPrinterAttributes5` function in `libcupsfilters` to inject malicious IPP attributes into the CUPS system.
– T1583.004 – Server : This technique focuses on the exploitation of server vulnerabilities. The attacker can exploit the flaw in the interaction between CUPS and the IPP server to execute arbitrary code or manipulate printer attributes.
– T1584.004 – Server : Similar to T1583.004, this technique relates to a more advanced exploitation of server vulnerabilities, potentially allowing the attacker to establish persistence or further exploit the network environment through compromised printer systems.
– T1053.002 – At : This technique may involve the attacker using the compromised printer system to schedule tasks that could execute malicious payloads or commands, leading to broader network exploitation.
– Possible Outcomes :
– Unauthorized access to sensitive information sent to printers.
– Execution of arbitrary code on the CUPS server or connected systems.
– Compromise of the entire printing infrastructure, potentially leading to denial of service or data manipulation.
– The ability for an attacker to pivot to other systems within the network.
2. Mitigation Measures:
– Update CUPS and `libcupsfilters` to the latest version.
– Implement strict access controls on IPP servers.
– Sanitize and validate all IPP attributes received from external sources.
– Employ network segmentation to isolate printing systems from sensitive networks.
– Monitor logs for unusual activity related to printing tasks and IPP requests.
– Disable unnecessary features or services in CUPS that are not required.
– Use firewalls to restrict access to CUPS services to only trusted IP addresses.
The content above is generated by AI. Please review and consider carefully before applying!
Reference Links
https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
https://www.cups.org
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
Vendor - Produce - Version
None
Disclaimer
The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.