5.3 CVE-2024-47176
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
https://nvd.nist.gov/vuln/detail/CVE-2024-47176
Categories
CWE-1327 : Binding to an Unrestricted IP Address
The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely. Assign IP addresses that are not 0.0.0.0. Unwanted connections to the configured server may be denied through a firewall or other packet filtering measures. Desktop manager for Kubernetes and container management binds a service to 0.0.0.0, allowing users on the network to make requests to a dashboard API.
References
af854a3a-2127-422b-91ae-364da2661108
security-advisories@github.com
CPE
REMEDIATION
EXPLOITS
Exploit-db.com
id |
description |
date |
|
No known exploits |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
id |
description |
severity |
1 |
Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to. [Survey] The attacker surveys the target application, possibly as a valid and authenticated user [Identify Functionality] At each step, the attacker notes the resource or functionality access mechanism invoked upon performing specific actions [Iterate over access capabilities] Possibly as a valid user, the attacker then tries to access each of the noted access mechanisms directly in order to perform functions not constrained by the ACLs. |
High |
MITRE
Techniques
id |
description |
T1574.010 |
Hijack Execution Flow: ServicesFile Permissions Weakness |
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
Mitigations
id |
description |
T1574.010 |
Limit privileges of user accounts and groups so that only authorized administrators can interact with service changes and service binary target path locations. Deny execution from user directories such as file download directories and temp directories where able. |
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation. |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
Discover this offer