Test ID: 1.3.6.1.4.1.25623.1.0.114789
Category: General
Title: CUPS Multiple Vulnerabilities (Sep/Oct 2024)
Summary: Various components of CUPS are prone to multiple vulnerabilities.
Description:

Summary:
Various components of CUPS are prone to multiple
vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2024-47076: cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP
server (libcupsfilters)

- CVE-2024-47175: ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD
buffer (libppd)

- CVE-2024-47176: Multiple bugs leading to info leak and remote code execution (cups-browsed)

- CVE-2024-47177: Command injection via FoomaticRIPCommandLine (cups-filters)

- CVE-2024-47850: Distributed denial-of-service (DDoS) attacks (cups-browsed)

Vulnerability Impact:
Various flaws chained together could allow remote code
execution (RCE) on the affected host.

Affected Software/OS:
All CUPS systems which have the affected component(s)
installed.

Solution:
No known solution is available as of 07th October, 2024.
Information regarding this issue will be updated once solution details are available.

Applying one of the following mitigations seems to close the initial attack vector:

- disable / remove the 'cups-browsed' package / service

- edit the /etc/cups/cups-browsed.conf configuration based on the vendor guidance in the
referenced advisories

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2024-47076
Common Vulnerability Exposure (CVE) ID: CVE-2024-47175
Common Vulnerability Exposure (CVE) ID: CVE-2024-47176
Common Vulnerability Exposure (CVE) ID: CVE-2024-47177
Common Vulnerability Exposure (CVE) ID: CVE-2024-47850
Copyright: Copyright (C) 2024 Greenbone AG
