Netizen: September 2024 Vulnerability Review

Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled four critical vulnerabilities from September that should be immediately patched or addressed if present in your environment. Detailed writeups below:


CVE-2024-47176

CVE-2024-47176 describes a high-severity remote code execution vulnerability found in CUPS (Common UNIX Printing System) and specifically in the cups-browsed component. The vulnerability stems from improper binding to INADDR_ANY:631, which causes cups-browsed to trust any packet from any source. This flaw can allow an attacker to send a malicious Get-Printer-Attributes IPP (Internet Printing Protocol) request to a controlled URL, enabling the introduction of a rogue printer on the network. This can be exploited in a sequence of bugs within cups-browsed, ultimately allowing the execution of arbitrary commands remotely on the target machine when a print job is initiated, without any authentication.

This vulnerability poses significant risks, particularly in networked environments, as it can be exploited from the public internet—leaving systems with exposed CUPS services vulnerable to remote attacks. The vulnerability has been assigned a CVSS v3 base score of 8.3, with a vector of CVSS:3.0/AV/AC/PR/UI/S/C/I/A, indicating severe impacts on confidentiality, integrity, and availability, requiring no privileges but some user interaction.

Due to its critical nature, this vulnerability is listed in several security advisories, urging organizations to apply patches provided by OpenPrinting. The fix for this issue was released as part of ongoing security advisories from OpenPrinting, which addressed multiple related vulnerabilities across CUPS components. Organizations using vulnerable versions are advised to apply the patches immediately to mitigate potential exploitation risks. More information is available in the official advisories, including those from GitHub Security Advisories for detailed remediation steps.
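The exposure condition described above (a UDP listener on port 631 bound to INADDR_ANY) can be checked from socket listings. The following is an added example, not code from Netizen or OpenPrinting; the sample `ss` output is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ss -H -u -l -n -p` output (not from a real host).
SAMPLE_SS = """\
UNCONN 0 0        0.0.0.0:631    0.0.0.0:*  users:(("cups-browsed",pid=1234,fd=7))
UNCONN 0 0  127.0.0.53%lo:53     0.0.0.0:*  users:(("systemd-resolve",pid=640,fd=13))
UNCONN 0 0      127.0.0.1:631    0.0.0.0:*  users:(("example-daemon",pid=2001,fd=4))
UNCONN 0 0           [::]:5353      [::]:*  users:(("avahi-daemon",pid=702,fd=13))
"""

WILDCARDS = {"0.0.0.0", "*", "::"}  # INADDR_ANY and its IPv6 / ss spellings
PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def udp_listeners(ss_output):
    """Yield (address, port, process) for each UDP socket line."""
    for line in ss_output.splitlines():
        tokens = line.split()
        # The local address is the first token of the form addr:port.
        local = next((t for t in tokens if ":" in t), None)
        if local is None:
            continue
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if not port.isdigit():
            continue
        proc = PROC_RE.search(line)
        yield addr, int(port), proc.group(1) if proc else "unknown"


def exposed_on_631(ss_output):
    """Return UDP 631 listeners reachable from non-loopback sources."""
    findings = []
    for addr, port, proc in udp_listeners(ss_output):
        if port != 631:
            continue
        if addr in WILDCARDS:
            findings.append((addr, proc, "wildcard bind (INADDR_ANY)"))
            continue
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False  # unparsable address: report it for review
        if not loopback:
            findings.append((addr, proc, "non-loopback bind"))
    return findings
```

On a live host, pass in the output of `ss -H -u -l -n -p`, run with enough privilege for process names to appear.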


CVE-2024-47076

CVE-2024-47076 describes a high-severity vulnerability found in the libcupsfilters library, part of the open-source CUPS printing system. The vulnerability lies within the cfGetPrinterAttributes5 function, which fails to properly sanitize IPP (Internet Printing Protocol) attributes returned from an IPP server. This can result in the injection of attacker-controlled data into the CUPS system, potentially compromising system security by allowing the manipulation of printer attributes used to generate PPD (PostScript Printer Description) files. This flaw poses a significant risk due to its impact on the overall print system, particularly in networked environments.

The vulnerability has a CVSS v3 base score of 8.6, indicating a high risk with the vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N. This means the exploit can be performed remotely over a network without user interaction, leading to high impacts on integrity.

Given the seriousness of this vulnerability, it is strongly advised that organizations using CUPS ensure they apply the appropriate patches or updates from the vendor. For further details, references such as the official advisories from GitHub and CUPS maintainers should be consulted.


CVE-2024-47175

CVE-2024-47175 is a high-severity vulnerability affecting the libppd library, a component of the CUPS printing system. The issue arises in the ppdCreatePPDFromIPP2 function, which fails to properly sanitize IPP (Internet Printing Protocol) attributes when generating PPD (PostScript Printer Description) buffers. When used in conjunction with other functions, like cfGetPrinterAttributes5, this vulnerability could allow user-controlled input to be processed, potentially leading to remote code execution via Foomatic, a printing filter.

This vulnerability can be part of an exploit chain, which may ultimately result in remote code execution (RCE), further exacerbating the potential impact. The severity of this flaw is underlined by its CVSS v3 base score of 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N), indicating that it can be exploited remotely, without user interaction, with high impacts on integrity.

Organizations utilizing CUPS and related libraries should prioritize patching and updating their systems to mitigate the risk of exploitation. The detailed exploit path and security advisories can be found in official repositories and advisories, such as those from GitHub and CUPS maintainers.


CVE-2024-47177

CVE-2024-47177 is a critical vulnerability affecting the CUPS printing system, specifically in environments using the cups-filters package, which provides essential backends, filters, and other utilities for non-Mac OS systems using CUPS 2.x. The issue lies in the FoomaticRIPCommandLine parameter, which can be exploited via a PPD (PostScript Printer Description) file. Any value passed to FoomaticRIPCommandLine is executed as a user-controlled command, allowing for potential remote command execution.

This vulnerability, when exploited in conjunction with other issues like those in CVE-2024-47176, could allow an attacker to achieve full remote command execution, greatly increasing the security risk. The attack is made even more severe by its critical CVSS v3 base score of 9.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating that exploitation can occur remotely with high impacts on confidentiality, integrity, and availability.

Security teams using CUPS with the cups-filters package should urgently apply patches to mitigate this threat. Detailed guidance on addressing this vulnerability can be found in security advisories provided by the CUPS maintainers and relevant GitHub repositories.
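Because any FoomaticRIPCommandLine value in a PPD is executed, installed PPD files can be audited for that directive. The following is an added example, not code from Netizen or the CUPS project; the PPD contents, file names and the `EXPECTED_PROGRAMS` allowlist are constructed assumptions to adapt to local policy.

```python
import re

# Directive at line start; a PPD quoted value runs to the next double quote
# and may span several lines. Comment lines start with "*%" and never match.
DIRECTIVE_RE = re.compile(r'^\*FoomaticRIPCommandLine[^:\n]*:\s*"([^"]*)"', re.M)

# Assumption: programs this site expects a renderer command line to start with.
EXPECTED_PROGRAMS = {"gs"}

# Constructed PPD fragments (not taken from real printers).
SAMPLE_PPDS = {
    "office-laser.ppd": (
        '*PPD-Adobe: "4.3"\n'
        '*% *FoomaticRIPCommandLine: "commented out"\n'
        '*FoomaticRIPCommandLine: "gs -q -dBATCH -dNOPAUSE\n'
        ' -sDEVICE=ljet4 -sOutputFile=- -"\n'
        '*End\n'
    ),
    "auto-added.ppd": (
        '*PPD-Adobe: "4.3"\n'
        '*FoomaticRIPCommandLine: "example-command --constructed"\n'
    ),
    "plain.ppd": '*PPD-Adobe: "4.3"\n*ModelName: "Constructed Printer"\n',
}


def audit_ppd(name, text):
    """Return one finding per FoomaticRIPCommandLine directive in a PPD."""
    findings = []
    for match in DIRECTIVE_RE.finditer(text):
        command = " ".join(match.group(1).split())  # collapse line breaks
        program = command.split()[0] if command else ""
        findings.append({
            "ppd": name,
            "line": text.count("\n", 0, match.start()) + 1,
            "program": program,
            "command": command,
            "status": "expected" if program in EXPECTED_PROGRAMS else "review",
        })
    return findings


def audit_all(ppds):
    """Audit a {filename: contents} mapping and return all findings."""
    return [f for name, text in sorted(ppds.items()) for f in audit_ppd(name, text)]


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_PPDS):
        print(finding)
```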


How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact


Copyright © Netizen Corporation. All Rights Reserved.