HIGH · CVSS 8.6
CVE-2024-47076 — CUPS IPP request input validation
A remote unauthenticated RCE in CUPS's IPP handling that affects Linux systems with CUPS listening on UDP port 631. It is part of a multi-CVE CUPS disclosure including CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177.
Affects
- CUPS (libcupsfilters) < 2.1b1
What an attacker does
An attacker sends a crafted IPP-Browse packet to UDP 631. The CUPS daemon adds the attacker as a trusted printer, and subsequent print jobs execute attacker commands.
How to detect
Check whether cups-browsed is running and listening on UDP port 631, and audit the configured printers.
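One way to run the listener check, as an added example that is not part of the original advisory or of Securie's tooling: the function below reads `ss -H -lunp` output and labels each UDP 631 listener as loopback-only or bound to a non-loopback address. The sample lines are constructed, and the function names `classify_udp631` and `has_exposed_listener` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): classify UDP 631 listeners from `ss` output.

# Constructed sample of `ss -H -lunp` output; used when --live is not given.
SAMPLE_SS='UNCONN 0 0 0.0.0.0:631 0.0.0.0:* users:(("cups-browsed",pid=812,fd=7))
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=640,fd=13))
UNCONN 0 0 127.0.0.1:631 0.0.0.0:*'

# Reads ss lines on stdin; prints "<scope> <bind-address> <process>" per UDP 631 listener.
classify_udp631() {
  awk '{
    addr = ""
    # The local address is the first field containing a colon,
    # whether or not ss printed a leading Netid column.
    for (i = 1; i <= NF; i++) if (index($i, ":")) { addr = $i; break }
    if (addr !~ /:631$/) next
    host = addr; sub(/:631$/, "", host)
    # The process name is only present when ss ran with -p and enough privilege.
    proc = "unknown"
    if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
    scope = (host ~ /^127\./ || host == "[::1]") ? "LOOPBACK" : "EXPOSED"
    print scope, host, proc
  }'
}

# Succeeds (exit 0) when at least one listener is bound to a non-loopback address.
has_exposed_listener() {
  classify_udp631 | grep -q '^EXPOSED '
}

if [ "${1:-}" = "--live" ]; then
  # Run as root so that -p can report the owning process.
  ss -H -lunp | classify_udp631
else
  printf '%s\n' "$SAMPLE_SS" | classify_udp631
fi
```

An `EXPOSED` line means the socket is bound to a non-loopback address; whether it is reachable from other hosts still depends on the firewall in front of it.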
How to fix
Upgrade CUPS. Disable cups-browsed if not needed.
How Securie catches it
Securie's infra scanner flags exposed CUPS services.