5.3 CVE-2024-47176

Exploit
 

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
https://nvd.nist.gov/vuln/detail/CVE-2024-47176

Categories

CWE-1327 : Binding to an Unrestricted IP Address
The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely. Assign IP addresses that are not 0.0.0.0. Unwanted connections to the configured server may be denied through a firewall or other packet filtering measures. Desktop manager for Kubernetes and container management binds a service to 0.0.0.0, allowing users on the network to make requests to a dashboard API.

References


 

CPE

cpe start end


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
https://github.com/l0n3m4n/CVE-2024-47176
https://github.com/gianlu335/CUPS-CVE-2024-47176

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
1 Accessing Functionality Not Properly Constrained by ACLs
High


MITRE


Techniques

id description
T1574.010 Hijack Execution Flow: ServicesFile Permissions Weakness
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Mitigations

id description
T1574.010 Limit privileges of user accounts and groups so that only authorized administrators can interact with service changes and service binary target path locations. Deny execution from user directories such as file download directories and temp directories where able.
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation.